Bug 817413 - validate that domain name uses only valid characters
Summary: validate that domain name uses only valid characters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks: 1132113
 
Reported: 2012-04-29 20:21 UTC by Dmitri Pal
Modified: 2015-05-20 15:38 UTC (History)

Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1132113 (view as bug list)
Environment:
Last Closed: 2013-02-21 09:12:17 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHSA-2013:0528
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Low: ipa security, bug fix and enhancement update
Last Updated: 2013-02-21 08:22:21 UTC

Description Dmitri Pal 2012-04-29 20:21:30 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2196

Ensure that the domain name provided during install is a valid DNS name.

Comment 1 Martin Kosek 2012-05-17 06:03:00 UTC
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/13b51f3011bfb5c5c265e08c6f207f769dbde807

ipa-server-install will now report an error when the domain passed either via the --domain option or interactively is not valid.

Comment 2 Jenny Severance 2012-06-07 18:48:58 UTC
Please define what is valid and invalid for domain names ... what are you checking for?

Comment 3 Rob Crittenden 2012-06-07 20:44:06 UTC
A domain:

1. Can't have an empty component: sub..domain.com
2. Top-level domain must be alphabetic: sub.123
3. Valid characters are a-z0-9. Dash is allowed but it can't be first or last.
4. A component can't be longer than 63 characters.
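
The four rules listed in comment 3, written out as a standalone check. This is an added example, not FreeIPA's code and not part of the original comment; the function name `check_domain`, the reason codes, and the acceptance of uppercase ASCII letters are assumptions.

```python
import re

# Added example; names and reason codes are hypothetical, not FreeIPA's.
MAX_LABEL_LEN = 63
# Explicit ASCII ranges, no lower() and no re.IGNORECASE: both would let
# look-alikes such as U+212A KELVIN SIGN fold to an ASCII "k" and pass.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
TLD_RE = re.compile(r"[A-Za-z]+")


def check_domain(name):
    """Return None if name passes the four rules, else a reason code."""
    labels = name.split(".")
    for label in labels:
        if label == "":
            return "empty-label"        # rule 1: sub..domain.com
        if len(label) > MAX_LABEL_LEN:
            return "label-too-long"     # rule 4: at most 63 characters
        # fullmatch rather than match with "$", which would tolerate a
        # trailing newline at the end of the input.
        if not LABEL_RE.fullmatch(label):
            return "bad-label"          # rule 3: charset and dash position
    if not TLD_RE.fullmatch(labels[-1]):
        return "non-alpha-tld"          # rule 2: sub.123
    return None


# Constructed inputs, modelled on the names used in the verification
# output later on this page, plus two encoding edge cases.
SAMPLES = [
    "sub.example.com",
    "domain..empty.com",
    "domain.numeric.123",
    "-domain.dash.com",
    "domain.dash.com-",
    "domain.badchar^.com",
    "domain." + "a" * 64 + ".com",
    "example.com\n",        # trailing newline
    "example.\u212aom",     # KELVIN SIGN in place of "K"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_domain(sample) or "ok")
```

The per-label checks run before the top-level-domain check, so a name that breaks several rules reports the first failing label.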

Comment 4 Jenny Severance 2012-09-25 16:15:34 UTC
regression tests added to DNS test suite

Comment 7 Namita Soman 2012-12-18 04:18:38 UTC
Verified using: ipa-server-3.0.0-11.el6.x86_64

test output:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: 817413: test of invalid characters in domain name
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

ipa: ERROR: invalid 'name': empty DNS label
:: [   PASS   ] :: Attempt adding a domain with a empty component
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain..empty.com: DNS zone not found
ipa: ERROR: invalid 'name': top level domain label must be alphabetic
:: [   PASS   ] :: Attempt adding a domain with a numeric TLD
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.numeric.123: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with dash at the front
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: \-domain.dash.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with dash at the end
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.dash.com-: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar^.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar#.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar$.com: DNS zone not found
ipa: ERROR: invalid 'name': only letters, numbers, and - are allowed. DNS label may not start or end with -
:: [   PASS   ] :: Attempt adding a domain with a bad char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.badchar*.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: domain.sixthreemax.12345678901234567890123345678901234567890123456789012345678901234567890.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: firstlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj.long.com: DNS zone not found
ipa: ERROR: invalid 'name': DNS label cannot be longer that 63 characters
:: [   PASS   ] :: Attempt adding a domain with a element longer than 63 char
----------------------------
----------------------------
Number of entries returned 0
----------------------------
:: [   PASS   ] :: ensure that ipa cannot find the zone.
ipa: ERROR: long.tld.tldlkjhjklasghduygasiudfygvq7i6ertf78q6t4871y8347y2r8734y87aylfisduhcvkljasnkljnasdljdnclakj: DNS zone not found

Comment 9 errata-xmlrpc 2013-02-21 09:12:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Comment 10 Xiyang Dong 2014-08-20 16:51:52 UTC
DNS zone added with numeric TLD:
This happens in rhel6.6 ipa-server-3.0.0-42

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-add --name-server=ibm-x3650m4-01-vm-09.testrelm.test. --admin-email="ipaqar.redhat.com" --serial=2010010701 --refresh=303 --retry=101 --expire=1202 --minimum=33 --ttl=55 domain.numeric.123
  Zone name: domain.numeric.123
  Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 2010010701
  SOA refresh: 303
  SOA retry: 101
  SOA expire: 1202
  SOA minimum: 33
  SOA time to live: 55
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST
                      krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

[root@ibm-x3650m4-01-vm-09 ~]# ipa dnszone-find domain.numeric.123
  Zone name: domain.numeric.123
  Authoritative nameserver: ibm-x3650m4-01-vm-09.testrelm.test.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 2010010702
  SOA refresh: 303
  SOA retry: 101
  SOA expire: 1202
  SOA minimum: 33
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
----------------------------
Number of entries returned 1
----------------------------

