[BlueOnyx:22324] Re: DNS

Colin Jack colin at mainline.co.uk
Tue Aug 14 03:56:48 -05 2018


Hi Dirk

> this sort of cname is used by Comodo in order to confirm a certificate's owner.
> Bind master will accept it, but will not show it when dig ... CName. And all Bind
> slaves will not update the zone.

Yup - that is the problem.

> PowerDNS works fine with this incorrect string.
> 
> btw: this method to confirm a domain's owner is quite new and the answer to
> the General Data Protection Regulation. Prior to that the confirmation was
> done by a coded string sent by email.

First time I have seen it - as you say, they normally use a TXT string.

Thanks

Colin
> 
> On 13.08.2018 at 21:02, Michael Stauber wrote:
> > Hi Colin,
> >
> >> I have been asked by a client to create a new CNAME record on the DNS
> >> for the following:
> >>
> >> NEW Record Type: CNAME
> >>
> >> Hostname: _69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk
> >>
> >> Point to:
> >>
> >> 57BB458482A5AB33474E97891351014E.E610BBD363C7C2E032B35DDA755B2B52.55WcQD58V50sJqcKeKP5.comodoca.com
> >>
> >> Bind says no! :-/
> >>
> >> It won’t accept either of the host names using the GUI and adding it
> >> to the include file causes an error.
> > The regular expression that the GUI uses to validate input type
> > "hostname" is like this:
> >
> > <typedef name="hostname" type="re"
> > data="^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
> > />
> >
> > So ... no upper case characters and no leading "_". Granted, we're a
> > bit more strict there than RFC 952 and RFC 1123, which say that the
> > characters are case insensitive. Meaning: Put a big "A" there or a
> > small "a" and it doesn't matter. Both are treated as the same.
> >
> > Still: The fact remains that host- and domain names (according to RFC)
> > may not start with anything *but* a character or (as of RFC 1123) a
> > number. Hence: The underscore is a total no-no.
> >
> > Unless you're talking domain keys (which are deprecated anyway) or SRV
> > records.
> >
> > I guess what your client really wants is either a CAA-record or a
> > SRV-record and not a C-name?
> >
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
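
Added example, not part of the original thread and not BlueOnyx code: the "hostname" pattern quoted above applied to the two names from the request (the target with the e-mail line wrapping removed), next to a hypothetical relaxed check for DNS record names. The function names and the relaxed rule (optional leading underscore, mixed case, 63-character labels, 253-character names) are assumptions made for illustration.

```python
import re

# The pattern quoted in the thread for the GUI input type "hostname".
GUI_HOSTNAME = re.compile(
    r"^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*"
    r"([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
)
# Assumption: relaxed per-label rule for record names (not hostnames).
# Optional leading "_", then letters/digits/hyphen, no edge hyphen.
RECORD_LABEL = re.compile(r"^_?[A-Za-z0-9]([A-Za-z0-9\-]*[A-Za-z0-9])?$")

# The two names from the request in the thread.
OWNER = "_69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk"
TARGET = ("57BB458482A5AB33474E97891351014E."
          "E610BBD363C7C2E032B35DDA755B2B52."
          "55WcQD58V50sJqcKeKP5.comodoca.com")

def gui_accepts(name):
    """True if the quoted GUI pattern matches the whole name."""
    return GUI_HOSTNAME.match(name) is not None

def gui_rejection_reasons(name):
    """Name the two properties the thread says the GUI pattern forbids."""
    reasons = []
    if any(label.startswith("_") for label in name.split(".")):
        reasons.append("leading underscore")
    if name != name.lower():
        reasons.append("upper-case characters")
    return reasons

def record_name_problems(name):
    """Relaxed check; returns a list of problems, empty when acceptable."""
    name = name.rstrip(".")  # tolerate a fully qualified trailing dot
    problems = []
    if len(name) > 253:
        problems.append("name longer than 253 characters")
    for label in name.split("."):
        if not 1 <= len(label) <= 63:
            problems.append(f"label length {len(label)} outside 1..63")
        elif not RECORD_LABEL.match(label):
            problems.append(f"label {label!r} not allowed by relaxed rule")
    return problems

if __name__ == "__main__":
    for n in (OWNER, TARGET):
        print(n, gui_accepts(n), gui_rejection_reasons(n), record_name_problems(n))
```
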



