Bug 817413 - validate that domain name uses only valid characters
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Priority: medium
Severity: unspecified
Target Milestone: rc
Assigned To: Rob Crittenden
QA Contact: Namita Soman
Blocks: 1132113
Reported: 2012-04-29 16:21 EDT by Dmitri Pal
Modified: 2015-05-20 11:38 EDT
Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 04:12:17 EST
Description Dmitri Pal 2012-04-29 16:21:30 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2196

Ensure that the domain name provided during install is a valid DNS name.
Comment 1 Martin Kosek 2012-05-17 02:03:00 EDT
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/13b51f3011bfb5c5c265e08c6f207f769dbde807

ipa-server-install will now report an error when the domain passed either via the --domain option or interactively is not valid.
Comment 2 Jenny Galipeau 2012-06-07 14:48:58 EDT
Please define what is valid and invalid for domain names ... what are you checking for?
Comment 3 Rob Crittenden 2012-06-07 16:44:06 EDT
A domain:

1. Can't have an empty component: sub..domain.com
2. Top-level domain must be alphabetic: sub.123
3. Valid characters are a-z0-9. Dash is allowed but it can't be first or last.
4. A component can't be longer than 63 characters.
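
The four rules listed in the comment above, written out as a small validator. This is an added example, not part of the bug thread and not FreeIPA's code; the names `check_domain`, `classify` and `SAMPLES`, the reason strings, and the handling of a trailing dot are assumptions of the example.

```python
import re

# Rule 3: only a-z, 0-9 and '-', and '-' may not be first or last.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")
MAX_LABEL_LEN = 63  # rule 4


def check_domain(name):
    """Return None when `name` passes the four rules, else a short reason."""
    # Assumption of this example: one trailing dot (FQDN form) is accepted.
    if name.endswith(".") and not name.endswith(".."):
        name = name[:-1]
    labels = name.lower().split(".")
    for label in labels:
        if not label:
            return "empty label"                      # rule 1
        if len(label) > MAX_LABEL_LEN:
            return "label too long"                   # rule 4
        # fullmatch, not match with '$': '$' would also accept "com\n".
        if not LABEL.fullmatch(label):
            return "bad character or dash position"   # rule 3
    if not labels[-1].isalpha():
        return "non-alphabetic top-level label"       # rule 2
    return None


# Constructed samples; the invalid shapes follow the cases named in this bug.
SAMPLES = [
    "example.com", "sub..domain.com", "sub.123", "-domain.dash.com",
    "domain.dash.com-", "domain.badchar^.com", "a" * 64 + ".long.com",
    "a" * 63 + ".ok.com", "example.com\n",
]


def classify(names):
    """Map each name to its rejection reason (None means accepted)."""
    return {n: check_domain(n) for n in names}


if __name__ == "__main__":
    for name, reason in classify(SAMPLES).items():
        print(f"{name!r:75} {reason or 'ok'}")
```

Keeping cases like these in a regression suite is what surfaces a change such as the one reported in comment 10, where `domain.numeric.123` was accepted by `ipa dnszone-add`.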
Comment 4 Jenny Galipeau 2012-09-25 12:15:34 EDT
Regression tests added to DNS test suite.
Comment 7 Namita Soman 2012-12-17 23:18:38 EST
Verified using: ipa-server-3.0.0-11.el6.x86_64

test output:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: 817413: test of invalid characters in domain name
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

ipa: ERROR: invalid 'name': empty DNS label
:: [   PASS   ] :: Attempt adding a domain with a empty component
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain..empty.com: DNS zone not found
ipa: ERROR: invalid 'name': top level domain label must be alphabetic
:: [   PASS   ] :: Attempt adding a domain with a numeric TLD
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.numeric.123: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with dash at the front
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: \-domain.dash.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with dash at the end
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.dash.com-: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar^.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar#.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar$.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar*.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.sixthreemax.12345678901234567890123345678901234567890123456789012345678901234567890.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: firstlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj.long.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: long.tld.tldlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj: DNS zone not found
Comment 9 errata-xmlrpc 2013-02-21 04:12:17 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html
Comment 10 Xiyang Dong 2014-08-20 12:51:52 EDT
DNS zone added with numeric TLD:
This happens in rhel6.6 ipa-server-3.0.0-42

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-add --name-server=ibm-x3650m4-01-vm-09.testrelm.test. --admin-email="ipaqar.redhat.com" --serial=2010010701 --refresh=303 --retry=101 --expire=1202 --minimum=33 --ttl=55 domain.numeric.123
  Zone name: domain.numeric.123
  Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 2010010701
  SOA refresh: 303
  SOA retry: 101
  SOA expire: 1202
  SOA minimum: 33
  SOA time to live: 55
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST
                      krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-find domain.numeric.123
  Zone name: domain.numeric.123
  Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 2010010702
  SOA refresh: 303
  SOA retry: 101
  SOA expire: 1202
  SOA minimum: 33
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
----------------------------
Number of entries returned 1
----------------------------
