Univention Bugzilla – Bug 52408
warn when trailing dot is missing
Last modified: 2022-10-12 08:32:53 CEST
When creating new DNS entries (mainly CNAME) it's important whether the name ends with a dot or not: in the latter case the zone name is appended. This often leads to confusion and wrong entries. UMC should warn if the dot is missing. There could also be a "validate" function (in UMC diagnostics) which checks those CNAMEs and warns if the target is not resolvable. The customer has lost hours until he noticed his error. TT 2020-11-19/20
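The behaviour described in this report, as an added example that is not part of the bug thread or of UCS: a small Python check that expands each CNAME target the way the zone would and flags relative multi-label targets and targets that do not resolve. The function names, the sample zone and records, and the injected set of resolvable names are constructed for illustration.

```python
import socket

def expand_target(target, zone):
    """Absolute name a DNS server derives from a record target in `zone`."""
    if target.endswith("."):          # already absolute, used as-is
        return target
    return "{}.{}.".format(target, zone.rstrip("."))  # relative: zone appended

def system_resolves(fqdn):
    """Default check via the local resolver (needs working DNS access)."""
    try:
        socket.getaddrinfo(fqdn, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone, cnames, resolves=system_resolves):
    """Return (alias, target, effective_name, reason) for suspicious CNAMEs."""
    zone_name = zone.rstrip(".").lower()
    findings = []
    for alias, target in cnames:
        effective = expand_target(target, zone)
        t = target.lower()
        if not target.endswith(".") and "." in target:
            if t == zone_name or t.endswith("." + zone_name):
                reason = "target repeats the zone name; trailing dot probably missing"
            else:
                reason = "relative multi-label target; zone name will be appended"
            findings.append((alias, target, effective, reason))
        elif not resolves(effective):
            findings.append((alias, target, effective, "effective target does not resolve"))
    return findings

# Constructed sample data: zone, CNAME records and the set of names that "exist".
ZONE = "example.com"
SAMPLE = [
    ("www", "web01"),                # single label: relative on purpose
    ("mail", "mx.example.com"),      # dot forgotten
    ("shop", "shop.example.net."),   # absolute and resolvable
    ("old", "gone.example.net."),    # absolute but dangling
    ("dev", "server.section"),       # relative, multi-label
]
KNOWN = {"web01.example.com.", "shop.example.net."}

if __name__ == "__main__":
    for finding in audit_cnames(ZONE, SAMPLE, resolves=KNOWN.__contains__):
        print("%-5s -> %-18s => %-30s %s" % finding)
```

Passing `resolves=KNOWN.__contains__` keeps the run offline; dropping the argument makes the check query the local resolver instead.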
Warning: if S4C is installed and running, the "broken" entry with the "missing" dot is synchronized by S4C from LDAP to Samba and back to LDAP; something adds the "missing" dot and afterwards the entry in LDAP/UDM/UMC will have the dot appended automatically. In environments without S4C this "fix" will not happen.
(In reply to Philipp Hahn from comment #1)
> something adds the "missing" dot

FYI: something is __append_dot():
https://git.knut.univention.de/univention/ucs/-/blob/5.0-2/services/univention-s4-connector/modules/univention/s4connector/s4/dns.py#L421
https://git.knut.univention.de/univention/ucs/-/blob/5.0-2/services/univention-s4-connector/modules/univention/s4connector/s4/dns.py#L570
syntax=univention.admin.syntax.dnsHostname is used which should warn if it does not end on a "dot". Or we can change the syntax to either allow
- a single label "foo", where the zone name is then appended by BIND.
- a qualified name "foo.bar.tld." which enforces the trailing dot.
While actually "server.section" where $zone is appended is allowed, it will allow more failures than preventing errors. As such I would add something like this to management/univention-directory-manager-modules/modules/univention/admin/syntax.py:2956
»···@classmethod »···def parse(self, text): »···»···text = super(dnsHostname, self).parse(text) »···»···if self.NUMERIC.match(text): »···»···»···raise univention.admin.uexceptions.valueError(_("Full name must not be all numeric!")) -»···»···labels = (text[:-1] if text.endswith('.') else text).split('.') +»···»···qualified = text.endswith('.') +»···»···labels = (text[:-1] if qualified else text).split('.') »···»···if not all(self.LABEL.match(label) for label in labels): »···»···»···raise univention.admin.uexceptions.valueError(_( »···»···»···»···"A hostname or any part of a FQDN, separated by dots, starts and ends with a letter or a digit. " »···»···»···»···"In between letters, digits, dashes and underscores are allowed. Only numbers are not allowed." »···»···»···)) +»···»···if not qualified and '.' in text.strip('.'): +»···»···»···raise univention.admin.uexceptions.valueError(_( +»···»···»···»···"Qualified hostname should end with dot to prevent zone name from getting appended." +»···»···»···)) »···»···return text
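Review bot: The new check at the end of parse() raises valueError for every unqualified multi-label name, so a relative name such as "server.section", which the comment itself notes is allowed, is rejected outright, while the bug title asks for a warning and the message only says "should". Either word the message as a requirement ("must end with a dot") or report this as a non-fatal warning if the syntax layer offers a way to do that. The condition could also reuse the labels already computed, e.g. `if not qualified and len(labels) > 1:`; with no trailing dot, text.strip('.') only removes leading dots, and an empty first label should already have failed the LABEL check above, assuming LABEL does not match the empty string. A short docstring covering "foo", "foo.bar.tld." and "foo.bar" would document the intended behaviour.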