[BlueOnyx:22320] Re: DNS

Dirk Jessel blueonyxlist at bb-one.net
Tue Aug 14 03:05:41 -05 2018


Hi,

This sort of CNAME is used by Comodo in order to confirm a certificate's 
owner.
Bind master will accept it, but will not show it when dig ... CName. And 
all Bind slaves will not update the zone.

PowerDNS works fine with this incorrect string.

btw: this method to confirm a domain's owner is quite new and the answer 
to the General Data Protection Regulation. Prior to that, the 
confirmation was done by a coded string sent by email.

Dirk

On 13.08.2018 at 21:02, Michael Stauber wrote:
> Hi Colin,
>
>> I have been asked by a client to create a new CNAME record on the DNS
>> for the following:
>>
>> NEW Record Type: CNAME
>>
>> Hostname: _69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk
>>
>> Point to:
>> 57BB458482A5AB33474E97891351014E.E610BBD363C7C2E032B35DDA755B2B52.55WcQD58V50sJqcKeKP5.comodoca.com
>>
>> Bind says no! :-/
>>
>> It won’t accept either of the host names using the GUI and adding it to
>> the include file causes an error.
> The regular expression that the GUI uses to validate input type
> "hostname" is like this:
>
> <typedef name="hostname" type="re"
>
> data="^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
>
> />
>
> So ... no upper case characters and no leading "_". Granted, we're a bit
> more strict there than RFC 952 and RFC 1123, which say that the
> characters are case insensitive. Meaning: Put a big "A" there or a small
> "a" and it doesn't matter. Both are treated as the same.
>
> Still: The fact remains that host- and domain names (according to RFC)
> may not start with anything *but* a character or (as of RFC 1123) a
> number. Hence: The underscore is a total no-no.
>
> Unless you're talking domain keys (which are deprecated anyway) or SRV
> records.
>
> I guess what your client really wants is either a CAA-record or a
> SRV-record and not a C-name?
>
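Added example, not part of the original thread or of BlueOnyx's code: it runs the GUI "hostname" regex quoted above against the two names from the request, reports why each is rejected, and compares that with a relaxed rule for record owner names. The relaxed rule (OWNER_LABEL, owner_name_ok) and the helper names are assumptions made for illustration.

```python
import re

# The GUI's "hostname" regex, copied verbatim from the quoted message.
GUI_HOSTNAME = re.compile(
    r"^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*"
    r"([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
)

# Assumed relaxed rule (hypothetical, not BlueOnyx's): case-insensitive
# letters/digits/hyphens with an optional single leading underscore per label.
OWNER_LABEL = re.compile(r"^_?[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$")

# The two names from the request quoted in the thread.
OWNER = "_69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk"
TARGET = ("57BB458482A5AB33474E97891351014E."
          "E610BBD363C7C2E032B35DDA755B2B52."
          "55WcQD58V50sJqcKeKP5.comodoca.com")


def gui_accepts(name):
    """True if the quoted GUI regex accepts the name as type 'hostname'."""
    return bool(GUI_HOSTNAME.match(name))


def rejection_reasons(name):
    """Name the properties of the input that the GUI regex cannot match."""
    reasons = []
    labels = name.rstrip(".").split(".")
    if any(label.startswith("_") for label in labels):
        reasons.append("leading underscore")
    if name != name.lower():
        reasons.append("upper case")
    return reasons


def owner_name_ok(name):
    """Relaxed check: labels of 1-63 octets, whole name at most 253."""
    name = name.rstrip(".")
    return len(name) <= 253 and all(
        len(label) <= 63 and OWNER_LABEL.match(label)
        for label in name.split(".")
    )


if __name__ == "__main__":
    for n in (OWNER, TARGET, TARGET.lower()):
        print(gui_accepts(n), owner_name_ok(n), rejection_reasons(n), n)
```

Lower-casing the target is enough for the GUI regex to accept it; the owner name still fails on the underscore alone.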



