50385 – Creating a host_record named @ should be disallowed

Bug 50385 - Creating a host_record named @ should be disallowed

Summary: Creating a host_record named @ should be disallowed

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	UMC - DNS
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCS 5.0-6-errata
Assignee:	Philipp Hahn
QA Contact:	Florian Best

URL:	https://git.knut.univention.de/univen...
Keywords:

Duplicates (3):	45100 50384 53480 (view as bug list)
Depends on:	57028
Blocks:	57146
	Show dependency tree / graph

Reported:	2019-10-17 17:15 CEST by Arvid Requate
Modified:	2024-03-14 09:11 CET (History)
CC List:	9 users (show)

See Also:	50386 53425 49923 57146
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.286
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022070921000328, 2022070921000301, 2022070921000319, 2019100921000613, 2019100921000702, 2019100921000721, 2008102110000042, 2019103021000583, 2020080421000679, 2020080421000535, 2020082621000351, 2020120421000527, 2022033021000134, 2023082921000181
Bug group (optional):	bitesize
Customer ID:
Max CVSS v3 score:

Attachments
Screenshot (81.98 KB, image/png) 2019-10-17 17:15 CEST, Arvid Requate	Details
dont_allow_@_as_hostname.patch (817 bytes, patch) 2019-10-17 17:21 CEST, Arvid Requate	Details \| Diff
patch for forward_zone.py (1.52 KB, patch) 2020-03-09 15:38 CET, Christian Castens	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2019-10-17 17:15:43 CEST

Created attachment 10211 [details]
Screenshot

I saw two cases, one in-house and one customer where an Administrator created a host record named @ in some forward_zone, triggering a chain of actions that finally led to a full DNS blackout for that forward_zone. Here is how:

The Admin opens the DNS module in UMC, clicks on the zone and add a host record with name @. The attached screenshot shows the result in the UMC DNS treeview: It lokks as if the zone has been duplicated as a child of itself.

In named/bind9 terms, the Admin has just written a second resource record named @ into his zone file. The UMC should not allow this.

Since UMC/UDM currenlty allow this, the Admin is now in a very dangerous situation:

With a high probability, the Admin right-clicks the unwanted object and deletes it. If Samba/AD is installed in the domain, then the S4-Connector interprets this as the removal of an SOA record and removes the SOA record of that zone in Samba/AD. That's silent and nobody notices until the nameserver services (bind9) gets restarted at some point in the future and the nameserver doesn't recognize the zone as valid any longer and the customer experiences severe DNS issues for the entire domain.

Comment 2 Arvid Requate

2019-10-17 17:21:04 CEST

Created attachment 10212 [details]
dont_allow_@_as_hostname.patch

From a quick glance at dns/host_record.py and syntax.py I think the current syntax class "dnsName" is not strict enough for dns/host_record, because it only checks length restrictions. There is a subclass dnsHostname in syntax.py which checks valid characters. In a quick check I was able to prevent the dns/hostname module from accepting name=@ by applying the attached patch. Maybe there is a better solution.

I'll also add a bug for the S4-Connector, which should not mistake a host_record removal for an SOA-record removal.

Comment 3 Arvid Requate

2019-10-17 17:23:57 CEST

*** Bug 50384 has been marked as a duplicate of this bug. ***

Comment 4 Florian Best

2019-10-17 17:30:49 CEST

The described scenario in comment 0 would raise the following exception on removal:

Remark: Create a dns/host_record with hostname=@. Then in the tree view a new zone is displayed, clicking on it raises this error.

Traceback(7191e6c440057252c309fda36bd2da1b):
Interner Server-Fehler in "udm/query (dns/dns)".
Request: udm/query (dns/dns)

  File "%PY2.7%/notifier/threads.py", line 78, in _run
    tmp = self._function()
  File "%PY2.7%/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 605, in _thread
    result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 681, in search
    result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit, **kwargs)
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 1734, in lookup
    filter_s = cls.lookup_filter_superordinate(filter_s, superordinate)
  File "%PY2.7%/univention/admin/handlers/dns/host_record.py", line 228, in lookup_filter_superordinate
    filter.expressions.append(univention.admin.filter.expression('zoneName', superordinate.mapping.mapValue('zone', superordinate['zone']), escape=True))
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'zone'

Comment 5 Christian Castens

2020-03-09 15:38:16 CET

Created attachment 10305 [details]
patch for forward_zone.py

With the newly attached patch file a record named "@" will no longer be falsely listed as another DNS zone (tree-view in DNS module of UMC). It is still created exactly the same way as before but is simply not shown in the DNS module anymore. This at least prevents strange behavior, which can be seen on the attached screenshot, from being displayed in UMC. You can still find the record in the LDAP module of UMC and deletion of it is still a problem.

Comment 6 Christian Castens

2020-08-12 09:35:58 CEST

reported again

Version: 4.4-1 errata273 (Blumenthal)

Traceback(7191e6c440057252c309fda36bd2da1b):
Internal server error during "udm/query (dns/dns)".
Request: udm/query (dns/dns)

Role: domaincontroller_master

Comment 7 Christian Castens

2020-08-19 15:41:45 CEST

reported again:

Version: 4.4-4 errata710 (Blumenthal) - UCS@school 4.4 v6

Error:
Interner Server-Fehler in "udm/query (dns/dns)".
Request: udm/query (dns/dns)

  File "%PY2.7%/notifier/threads.py", line 80, in _run
    result = self._function()
  File "%PY2.7%/notifier/__init__.py", line 104, in __call__
    return self._function(*tmp, **self._kwargs)
  File "%PY2.7%/univention/management/console/modules/udm/__init__.py", line 605, in _thread
    result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden)
  File "%PY2.7%/univention/management/console/modules/udm/udm_ldap.py", line 681, in search
    result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit, **kwargs)
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 1734, in lookup
    filter_s = cls.lookup_filter_superordinate(filter_s, superordinate)
  File "%PY2.7%/univention/admin/handlers/dns/txt_record.py", line 142, in lookup_filter_superordinate
    filter.expressions.append(univention.admin.filter.expression('zoneName', superordinate.mapping.mapValue('zone', superordinate['zone']), escape=True))
  File "%PY2.7%/univention/admin/handlers/__init__.py", line 478, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'zone'

Role: domaincontroller_master

Errno: 311225bad1e7a42d1c785477731bffaa

Comment 8 Christian Castens

2020-08-19 15:48:41 CEST

reported again:
Version: 4.4-5 errata686 (Blumenthal)
Role: domaincontroller_backup

Comment 9 Christian Castens

2020-08-24 10:28:49 CEST

reported again:
Version: 4.4-5 errata686 (Blumenthal)

Remark: Diese Fehlermeldung kam direkt nach dem update auf 4.4-5

Role: domaincontroller_master

Comment 10 Florian Best

2022-03-30 14:21:18 CEST

From Bug #53425 comment 3:

Reported again, Version: 5.0-1 errata262

Remark: Went to create a new host record as @ (root), saved it, got this message about an internal error. Unable to delete @ record as it appears as a duplicate zone and keeps
popping internal error.

Error:
Internal server error during "udm/query (dns/dns)".
Request: udm/query (dns/dns)

Traceback (most recent call last):
  File "%PY3%/notifier/threads.py", line 80, in _run
    result = self._function()
  File "%PY3%/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 595, in _thread
    superordinate = mod.get(superordinate)
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 730, in get
    UDM_Error(exc).reraise()
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 365, in reraise
    six.reraise(self.__class__, self, self.exc_info[2])
  File "%PY3%/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 718, in get
    obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
  File "%PY3%/univention/admin/handlers/dns/host_record.py", line 156, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "%PY3%/univention/admin/handlers/__init__.py", line 223, in __init__
    raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
univention.management.console.modules.udm.udm_ldap.UDM_Error: The object type of this object differs from the specified object type.
relativeDomainName=@,zoneName=XXX.XXX,cn=dns,dc=XXX,dc=XXX is not recognized as dns/host_record.

Role: domaincontroller_master

Comment 11 Maximilian Janßen

2022-07-15 13:04:26 CEST

comment 10 reported again in Version: 5.0-2 errata345; Role: domaincontroller_backup

Comment 12 Mika Westphal

2022-11-11 11:02:58 CET

Reported again: 2022092621000711
Version: 5.0-2 errata425

Error:
Internal server error during "udm/query (dns/dns)".
Request: udm/query (dns/dns)

Traceback (most recent call last):
  File "%PY3%/notifier/threads.py", line 80, in _run
    result = self._function()
  File "%PY3%/notifier/__init__.py", line 105, in __call__
    return self._function(*tmp, **self._kwargs)
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 597, in _thread
    _superordinate, mod = self.get_obj_module(request.flavor, superordinate)
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 230, in get_obj_module
    return get_obj_module(flavor, ldap_dn, self.get_ldap_connection()[0])
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 1222, in get_obj_module
    return module.get(ldap_dn, attributes=attr), module
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 731, in get
    UDM_Error(exc).reraise()
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 366, in reraise
    six.reraise(self.__class__, self, self.exc_info[2])
  File "%PY3%/six.py", line 692, in reraise
    raise value.with_traceback(tb)
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 719, in get
    obj = self.module.object(None, ldap_connection, None, ldap_dn, superordinate, attributes=attributes)
  File "%PY3%/univention/admin/handlers/dns/txt_record.py", line 115, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "%PY3%/univention/admin/handlers/__init__.py", line 227, in __init__
    raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
univention.management.console.modules.udm.udm_ldap.UDM_Error: The object type of this object differs from the specified object type.
relativeDomainName=@,zoneName=************,cn=dns,dc=*****,dc=*****,dc=***** is not recognized as dns/txt_record.

Role: domaincontroller_master

Comment 13 Christina Scheinig

2023-08-30 14:07:24 CEST

This happend again in a school environment. Ticket 2023082921000181
This is a full DNS blackout for the primary and all 21 school slaves, which all needs to be manually fixed!
Steps to be done
Edit /etc/hosts to make dns work again, so that univention-diectory-listener-ctrl resync bind works and the zone is added again.
In samba the zone is deleted and has to be readded from backup.

We really should prevent this from happening. This costs the support 2 days fixing

Comment 15 Florian Best

2023-08-30 14:14:30 CEST

Why do customers create a record named "@"? What do they want to achieve?

Comment 16 Christina Scheinig

2023-08-30 14:15:45 CEST

We will never know why customers do that, but we have to prevent this from happening!

Comment 18 Dirk Wiesenthal

2023-08-31 09:12:09 CEST

Is it always exactly "@"? Would it be enough to simply disallow exactly "@" as a value in the syntax.py instead of filtering it in the module?

Comment 19 Wolfgang Bayrhof

2023-08-31 10:36:32 CEST

I also don't know what the customers want to achieve in each individual case, but I think the chances are high that this will happen again and again. In the named/bind syntax for zone files the @-symbol is a placeholder which can substitute an earlier $ORIGIN statement. There'll always be someone who knows the zone file syntax and could get the idea to use the @-symbol via UMC.
BTW: I agree completely with comment 10. ;-) The last case bound at least 2 FTE to clean up. IMO it's very important that this get fixed asap.

Comment 20 Mika Westphal

2023-10-06 12:00:15 CEST

2023100221000314  5.0-5 errata821  Remark: I entered the wrong hostname, and now I can't delete it.

Internal server error during "udm/remove (dns/dns)".
Request: udm/remove (dns/dns)

Traceback (most recent call last):
  File "%PY3%/univention/management/console/modules/decorators.py", line 259, in _run
    result = self._function(*args, **kwargs)  # type: Union[BaseException, _T]
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 466, in remove
    module.remove(ldap_dn, options.get('cleanup', False), options.get('recursive', False))
  File "%PY3%/univention/management/console/modules/udm/udm_ldap.py", line 594, in remove
    obj = self.module.object(None, ldap_connection, ldap_position, dn=ldap_dn, superordinate=superordinate)
  File "%PY3%/univention/admin/handlers/dns/host_record.py", line 158, in __init__
    univention.admin.handlers.simpleLdap.__init__(self, co, lo, position, dn, superordinate, attributes=attributes)
  File "%PY3%/univention/admin/handlers/__init__.py", line 230, in __init__
    raise univention.admin.uexceptions.wrongObjectType('%s is not recognized as %s.' % (self.dn, self.module))
univention.admin.uexceptions.wrongObjectType: The object type of this object differs from the specified object type: relativeDomainName=@,zoneName=***,cn=***,dc=***,dc=*** is not recognized as dns/host_record.

Comment 21 Philipp Hahn

2023-10-07 15:03:02 CEST

https://datatracker.ietf.org/doc/html/rfc1035#section-5.1 specified the file format for zone files. 
The following special entries are known to me:
- $ORIGIN
- $INCLUDE
- $GENERATE
- @

Using "-quoting and backlash-escaping ANY character/octet is allowed!

Basically all LDAP filters for UDM modules `dns/*` are wrong:

- all entries have `objectCLass: dNSZone` -> OKAY

- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/forward_zone.py:
285         return univention.admin.filter.conjunction('&', [
286             univention.admin.filter.expression('objectClass', 'dNSZone'),
287             univention.admin.filter.expression('relativeDomainName', '@'),
288             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('zoneName', '*%s' % ARPA_IP4, escape=False)]),
289             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('zoneName', '*%s' % ARPA_IP6, escape=False)]),

`(relativeDomainName=@)` is wrong as this also matches the quoted "\@" which is a completely valid DNS name.

-> This needs to be changed to `(sOARecord=*)`

- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/reverse_zone.py
265             univention.admin.filter.expression('objectClass', 'dNSZone'),
266             univention.admin.filter.expression('relativeDomainName', '@'),

-> DITO

- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/txt_record.py
136         return univention.admin.filter.conjunction('&', [
137             univention.admin.filter.expression('objectClass', 'dNSZone'),
138             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
139             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('zoneName', '*.in-addr.arpa', escape=False)]),
140             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('cNAMERecord', '*', escape=False)]),
141             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('sRVRecord', '*', escape=False)]),
142             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('aRecord', '*', escape=False)]),
143             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('aAAARecord', '*', escape=False)]),
144             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('mXRecord', '*', escape=False)]),
145             univention.admin.filter.expression('tXTRecord', '*', escape=False),
- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/srv_record.py
166             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/ptr_record.py
228             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/ns_record.py
143                     univention.admin.filter.expression('relativeDomainName', '@'),
- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/host_record.py
212             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
- management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py
144             univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),

-> (!(sOARecord=*))


many more changed in my local git branch, see https://git.knut.univention.de/univention/ucs/-/merge_requests/915

Comment 22 Philipp Hahn

2023-11-14 11:21:03 CET

*** Bug 53480 has been marked as a duplicate of this bug. ***

Comment 23 Philipp Hahn

2024-03-04 16:12:42 CET

*** Bug 45100 has been marked as a duplicate of this bug. ***

Comment 24 Philipp Hahn

2024-03-04 20:04:52 CET

[bug/50385] 47343c373a refactor(udm/handler): simplify empty check
 .../modules/univention/admin/de.po                              | 11 ++-----
 .../modules/univention/admin/handlers/__init__.py               | 47 ++++++++++-------------------
 .../modules/univention/admin/handlers/computers/__base.py       |  4 +--
 .../modules/univention/admin/handlers/dns/forward_zone.py       |  2 +-
 .../modules/univention/admin/handlers/settings/portal_entry.py  |  2 +-
 .../modules/univention/admin/handlers/users/user.py             | 10 +++---
 .../modules/univention/admin/syntax.py                          | 37 +++++++++--------------
 7 files changed, 44 insertions(+), 69 deletions(-)

[bug/50385] 08203c780a refactor(udm/handler/simpleComputer): DNS/DHCP parsing
 .../modules/univention/admin/handlers/__init__.py                      | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

[bug/50385] 3b04f9c74e fix(udm): no recursive computers import
 .../modules/univention/admin/handlers/computers/__init__.py                | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

[bug/50385] 48c5ca0095 doc(udm/dns/zone/ns): Document FQDN
 .../univention-directory-manager-modules/modules/univention/admin/handlers/dns/de.po | 9 ++++++---
 .../modules/univention/admin/handlers/dns/forward_zone.py                            | 2 +-
 .../modules/univention/admin/handlers/dns/reverse_zone.py                            | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

[bug/50385] 41bb2a53bd refactor(udm/dns/zone): Harmonize forward/reverse zone
 .../modules/univention/admin/handlers/dns/forward_zone.py                          |  7 ++++---
 .../modules/univention/admin/handlers/dns/reverse_zone.py                          | 10 +++++-----
 2 files changed, 9 insertions(+), 8 deletions(-)

[bug/50385] ab1d9ad8a9 refactor(udm/dnsedit): argument parsing
 .../univention-directory-manager-modules/univention-dnsedit     | 94 +++++++++++++++--------------
 1 file changed, 50 insertions(+), 44 deletions(-)

[bug/50385] 4698a9611a doc(udm): PEP-484 type annotations
 .../modules/univention/admin/__init__.py                        |   9 +-
 .../modules/univention/admin/allocators.py                      |  97 ++++++++--
 .../modules/univention/admin/blocklist.py                       |  16 ++
 .../modules/univention/admin/filter.py                          |   4 +-
 .../modules/univention/admin/handlers/__init__.py               | 274 ++++++++++++++++++----------
 .../modules/univention/admin/handlers/users/user.py             |  94 +++++-----
 .../modules/univention/admin/modules.py                         |  54 ++++--
 .../modules/univention/admin/objects.py                         |   8 +-
 .../modules/univention/admin/syntax.py                          |  13 +-
 .../modules/univention/admin/uldap.py                           |  34 ++--
 ...
 42 files changed, 928 insertions(+), 1687 deletions(-)

[bug/50385] 15d9df4ae9 refactor(udm/dns): Use helper function
 .../debian/python3-univention-directory-manager.postinst        |  3 ++-
 .../modules/univention/admin/handlers/dns/__init__.py           | 31 +++++++++++++++++++++++++++++
 .../modules/univention/admin/handlers/dns/alias.py              |  6 +++---
 .../modules/univention/admin/handlers/dns/forward_zone.py       |  8 ++++----
 .../modules/univention/admin/handlers/dns/host_record.py        | 13 ++++++------
 .../modules/univention/admin/handlers/dns/ns_record.py          | 11 +++++-----
 .../modules/univention/admin/handlers/dns/ptr_record.py         |  6 +++---
 .../modules/univention/admin/handlers/dns/reverse_zone.py       | 10 ++++++----
 .../modules/univention/admin/handlers/dns/srv_record.py         |  6 +++---
 .../modules/univention/admin/handlers/dns/txt_record.py         | 17 ++++++++--------
 10 files changed, 73 insertions(+), 38 deletions(-)

[bug/50385] 2c7f55ec94 fix(udm/dns): Fix attribute exclusion
 .../modules/univention/admin/handlers/dns/alias.py                              | 13 ++-----------
 .../modules/univention/admin/handlers/dns/host_record.py                        |  9 +--------
 .../modules/univention/admin/handlers/dns/ptr_record.py                         |  9 +--------
 .../modules/univention/admin/handlers/dns/srv_record.py                         |  7 +------
 .../modules/univention/admin/handlers/dns/txt_record.py                         |  8 ++++----
 5 files changed, 9 insertions(+), 37 deletions(-)

[bug/50385] 8817a9f442 fix(udm/dns): Fix check for DNS zones
 doc/errata/staging/univention-bind.yaml                                         | 13 +++++++++++++
 .../modules/univention/admin/handlers/__init__.py                               |  6 +++---
 .../modules/univention/admin/handlers/container/dc.py                           |  4 ++--
 .../modules/univention/admin/handlers/dns/alias.py                              |  4 ++--
 .../modules/univention/admin/handlers/dns/forward_zone.py                       |  4 ++--
 .../modules/univention/admin/handlers/dns/host_record.py                        |  4 ++--
 .../modules/univention/admin/handlers/dns/ns_record.py                          |  4 ++--
 .../modules/univention/admin/handlers/dns/ptr_record.py                         |  4 ++--
 .../modules/univention/admin/handlers/dns/reverse_zone.py                       |  4 ++--
 .../modules/univention/admin/handlers/dns/srv_record.py                         |  4 ++--
 ...
 14 files changed, 39 insertions(+), 25 deletions(-)

[bug/50385] ee2ab9baa2 fix(udm/dns/ptr): Require pTRRecord
 .../modules/univention/admin/handlers/dns/ptr_record.py                                     | 2 ++
 1 file changed, 2 insertions(+)

[bug/50385] 6cc72ebf21 fix(udm/dns): IPv4/6 handling
 doc/errata/staging/univention-directory-manager-modules.yaml                       |  3 ++-
 management/univention-directory-manager-modules/debian/changelog                   |  7 +++++++
 .../modules/univention/admin/handlers/dns/alias.py                                 |  3 +--
 .../modules/univention/admin/handlers/dns/forward_zone.py                          |  3 +--
 .../modules/univention/admin/handlers/dns/host_record.py                           |  4 ++--
 .../modules/univention/admin/handlers/dns/ns_record.py                             |  6 ++----
 .../modules/univention/admin/handlers/dns/ptr_record.py                            | 10 +++++-----
 .../modules/univention/admin/handlers/dns/reverse_zone.py                          |  2 +-
 .../modules/univention/admin/handlers/dns/srv_record.py                            |  3 +--
 .../modules/univention/admin/handlers/dns/txt_record.py                            |  7 ++++---
 10 files changed, 26 insertions(+), 22 deletions(-)

[bug/50385] af30f6ed97 style(udm/dns/ns): re-indent and expand boolean logic
 .../modules/univention/admin/handlers/dns/ns_record.py                      | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

[bug/50385] aedc000825 refactor(udm/dns): Normalize identify() implementations
 .../modules/univention/admin/handlers/dns/alias.py                         | 11 +++++++++--
 .../modules/univention/admin/handlers/dns/forward_zone.py                  |  7 ++++++-
 .../modules/univention/admin/handlers/dns/host_record.py                   | 18 +++++++++---------
 .../modules/univention/admin/handlers/dns/ns_record.py                     | 14 +++++++-------
 .../modules/univention/admin/handlers/dns/ptr_record.py                    | 10 +++++-----
 .../modules/univention/admin/handlers/dns/reverse_zone.py                  |  8 +++++---
 .../modules/univention/admin/handlers/dns/srv_record.py                    | 14 +++++++-------
 .../modules/univention/admin/handlers/dns/txt_record.py                    | 16 ++++++++--------
 8 files changed, 56 insertions(+), 42 deletions(-)

[bug/50385] 3d0506f9e8 doc(udm/dns): add type hints to identify()
 .../modules/univention/admin/handlers/dns/__init__.py                                   | 3 +++
 .../univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py | 4 ++--
 .../univention-directory-manager-modules/modules/univention/admin/handlers/dns/dns.py   | 3 ++-
 .../modules/univention/admin/handlers/dns/forward_zone.py                               | 6 ++++--
 .../modules/univention/admin/handlers/dns/host_record.py                                | 3 ++-
 .../modules/univention/admin/handlers/dns/ns_record.py                                  | 4 ++--
 .../modules/univention/admin/handlers/dns/ptr_record.py                                 | 4 ++--
 .../modules/univention/admin/handlers/dns/reverse_zone.py                               | 4 ++--
 .../modules/univention/admin/handlers/dns/srv_record.py                                 | 4 ++--
 .../modules/univention/admin/handlers/dns/txt_record.py                                 | 4 ++--
 10 files changed, 23 insertions(+), 16 deletions(-)

[bug/50385] 436e9ed5d9 refactor(udm/dns): Convert to list comprehension
 .../modules/univention/admin/handlers/dns/host_record.py                     | 16 ++++++++--------
 .../modules/univention/admin/handlers/dns/srv_record.py                      | 16 ++++++++--------
 2 files changed, 16 insertions(+), 16 deletions(-)

[bug/50385] c95c6f26cf fix(udm/dns): escape DNS names
 doc/errata/staging/univention-directory-manager-modules.yaml    |  3 +-
 .../univention-directory-manager-modules/debian/changelog       |  6 +++
 .../modules/univention/admin/de.po                              | 11 ++--
 .../modules/univention/admin/syntax.py                          | 78 ++++++++++++++++++++++++-----
 4 files changed, 82 insertions(+), 16 deletions(-)

Package: univention-bind
Version: 14.0.6-1
Branch: ucs_5.0-0
Scope: errata5.0-6

[5.0-6] 4254f0f7e0 refactor(udm/dnsedit): argument parsing 2
 doc/errata/staging/univention-directory-manager-modules.yaml       | 2 +-
 management/univention-directory-manager-modules/debian/changelog   | 6 ++++++
 management/univention-directory-manager-modules/univention-dnsedit | 5 +++--
 3 files changed, 10 insertions(+), 3 deletions(-)

Package: univention-directory-manager-modules
Version: 15.0.25-16
Version: 15.0.25-17
Branch: ucs_5.0-0
Scope: errata5.0-6

Comment 25 Philipp Hahn

2024-03-05 10:35:42 CET

[5.0-6] 387c73a3ca fix(UDM): Restart UDM-Rest on upgrade
 doc/errata/staging/univention-directory-manager-modules.yaml                            | 2 +-
 management/univention-directory-manager-modules/debian/changelog                        | 6 ++++++
 .../debian/python3-univention-directory-manager.postinst                                | 3 ++-
 .../debian/univention-directory-manager-tools.postinst                                  | 1 +
 4 files changed, 10 insertions(+), 2 deletions(-)

Package: univention-directory-manager-modules
Version: 15.0.25-19
Branch: ucs_5.0-0
Scope: errata5.0-6

Comment 26 Florian Best

2024-03-05 11:28:52 CET

OK: zones are now identified by sOARecord instead of relativeDomainName=@
OK: adjustments of all filters accordingly
OK: Code review
OK: cleanups, refactoring
OK: Jenkins tests
~OK: no new tests added
OK: advisory

Comment 27 Philipp Hahn

2024-03-07 13:07:24 CET

<https://errata.software-univention.de/#/?erratum=5.0x985>
<https://errata.software-univention.de/#/?erratum=5.0x991>