Red Hat Bugzilla – Bug 817413
validate that domain name uses only valid characters
Last modified: 2015-05-20 11:38:59 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2196

Ensure that the domain name provided during install is a valid DNS name.

Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/13b51f3011bfb5c5c265e08c6f207f769dbde807

ipa-server-install will now report error when the domain passed either via --domain option or interactively is not valid.
Please define what is valid and invalid for domain names ... what are you checking for?
A domain:
1. Can't have an empty component: sub..domain.com
2. Top-level domain must be alphabetic: sub.123
3. Valid characters are a-z0-9. Dash is allowed but it can't be first or last.
4. A component can't be longer than 63 characters.
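The four rules from the comment above, written out as a validator. This is an added example, not part of the bug thread and not FreeIPA's code; check_domain, the reason strings, the lower-casing and the tolerance of one trailing dot are assumptions made here.

```python
import re

MAX_LABEL_LEN = 63
# Rule 3: a-z, 0-9 and dash, with the dash never first or last in a label.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")
TLD_RE = re.compile(r"[a-z]+")


def check_domain(name):
    """Return None when name passes the four rules, else a short reason."""
    # Assumptions (not stated in the bug): matching is case-insensitive and
    # a single trailing dot (absolute form) is tolerated.
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    labels = name.split(".")
    for label in labels:
        if not label:
            return "empty label"                             # rule 1
        if len(label) > MAX_LABEL_LEN:
            return "label longer than 63 characters"         # rule 4
        # fullmatch rather than match with "$": "$" would let a trailing
        # newline through.
        if not LABEL_RE.fullmatch(label):
            return "bad character or leading/trailing dash"  # rule 3
    if not TLD_RE.fullmatch(labels[-1]):
        return "top-level label must be alphabetic"          # rule 2
    return None


# Names taken from the verification log in this bug, plus constructed
# boundary cases for the 63-character limit.
SAMPLES = [
    "domain..empty.com", "domain.numeric.123", "-domain.dash.com",
    "domain.dash.com-", "domain.badchar^.com",
    "a" * 64 + ".com", "a" * 63 + ".com", "example.com",
]


def check_samples():
    """Map each sample name to its verdict (None means accepted)."""
    return {name: check_domain(name) for name in SAMPLES}


if __name__ == "__main__":
    for name, reason in check_samples().items():
        verdict = "OK" if reason is None else "REJECT: " + reason
        print(f"{name[:40]:<40} {verdict}")
```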
regression tests added to DNS test suite
Verified using:
ipa-server-3.0.0-11.el6.x86_64

test output:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: 817413: test of invalid characters in domain name
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
ipa: ERROR: invalid 'name': empty DNS label
:: [ PASS ] :: Attempt adding a domain with a empty component
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain..empty.com: DNS zone not found
ipa: ERROR: invalid 'name': top level domain label must be alphabetic
:: [ PASS ] :: Attempt adding a domain with a numeric TLD
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.numeric.123: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with dash at the front
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: \-domain.dash.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with dash at the end
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.dash.com-: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar^.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar#.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar$.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [ PASS ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar*.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [ PASS ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.sixthreemax.12345678901234567890123345678901234567890123456789012345678901234567890.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [ PASS ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: firstlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj.long.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [ PASS ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
----------------------------
Number of entries returned 0
----------------------------
:: [ PASS ] :: ensure that ipa cannot find the zone.
ipa: ERROR: long.tld.tldlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj: DNS zone not found
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html
DNS zone added with numeric TLD: this happens in rhel6.6 ipa-server-3.0.0-42

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-add --name-server=ibm-x3650m4-01-vm-09.testrelm.test. --admin-email="ipaqar.redhat.com" --serial=2010010701 --refresh=303 --retry=101 --expire=1202 --minimum=33 --ttl=55 domain.numeric.123
Zone name: domain.numeric.123
Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
Administrator e-mail address: ipaqar.redhat.com.
SOA serial: 2010010701
SOA refresh: 303
SOA retry: 101
SOA expire: 1202
SOA minimum: 33
SOA time to live: 55
BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST krb5-self * SSHFP;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-find domain.numeric.123
Zone name: domain.numeric.123
Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
Administrator e-mail address: ipaqar.redhat.com.
SOA serial: 2010010702
SOA refresh: 303
SOA retry: 101
SOA expire: 1202
SOA minimum: 33
Active zone: TRUE
Allow query: any;
Allow transfer: none;
----------------------------
Number of entries returned 1
----------------------------