Improve validation of domain name fields in record values
Closed this issue · 0 comments
This goes back to discussion #255 started by @xsu734.
As it turned out during the course of this discussion, the validation of record values provided by dnspython is excessively lenient when it comes to domain names embedded in record values. While a strict validation of names is difficult and depends on too many factors to be implemented in the same way as for record, name server and zone names, the tolerance of dnspython is much too high.
An extreme example provided by @xsu734 is the 'name' [#^$[¨}!;--_?:.@/\ˇ´%]., which is definitely pushing the boundaries too far but is accepted as a valid domain name (IDN, in fact) by dnspython:
>>> rr = dns.rdata.from_text('IN', 'CNAME', '[#^$[¨}!;--_?:.@/\ˇ´%]')
>>> rr
<DNS IN CNAME rdata: xn--[#^\$[\032}!-20e>
>>> rr.target.to_unicode()
'[#^\\$[\\032̈}!'
In order to avoid this issue, names in resource record values should at least be validated against the most tolerant standards in NetBox DNS tolerating underscores, root zones etc. in host names. That's not a perfect solution, but it's probably much better than what is currently possible.
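A sketch of such a tolerant check for names embedded in record values, added here as an example and not taken from NetBox DNS or dnspython. The label rule (`LABEL_RE`), the field table (`NAME_FIELDS`) and both function names are assumptions, and Python's built-in `idna` codec (IDNA 2003) stands in for dnspython's IDN handling.

```python
import re

# Assumed tolerant label rule: letters, digits, hyphens and underscores,
# 1-63 octets, no leading or trailing hyphen.
LABEL_RE = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")

# Assumed positions of domain-name fields in the text form of a record value.
NAME_FIELDS = {"CNAME": (0,), "DNAME": (0,), "NS": (0,), "PTR": (0,),
               "MX": (1,), "SRV": (3,), "SOA": (0, 1)}


def name_errors(name):
    """Return the problems found in one embedded name (empty list if OK)."""
    if name == ".":  # the root is a legal target, e.g. null MX
        return []
    labels = (name[:-1] if name.endswith(".") else name).split(".")
    errors, alabels = [], []
    for label in labels:
        if not label:
            errors.append("empty label")
            continue
        try:
            alabel = label.encode("idna").decode("ascii")  # U-label -> A-label
        except UnicodeError as exc:
            errors.append(f"{label!r}: not IDNA-encodable ({exc})")
            continue
        if not LABEL_RE.fullmatch(alabel):
            errors.append(f"{label!r}: illegal characters in label")
        alabels.append(alabel)
    if len(".".join(alabels)) > 253:
        errors.append("name longer than 253 octets")
    return errors


def rdata_errors(rtype, value):
    """Validate every domain-name field of a record value given as text."""
    fields = value.split()
    errors = []
    for idx in NAME_FIELDS.get(rtype.upper(), ()):
        if idx >= len(fields):
            errors.append(f"missing field {idx}")
        else:
            errors.extend(name_errors(fields[idx]))
    return errors


if __name__ == "__main__":
    # Constructed sample values; the CNAME target is the one from this issue.
    for rtype, value in [("CNAME", r"[#^$[¨}!;--_?:.@/\ˇ´%]"), ("MX", "0 .")]:
        print(rtype, value, "->", rdata_errors(rtype, value) or "ok")
```

Record types without an entry in `NAME_FIELDS` pass through unchecked, so the table has to cover every type whose value carries a name.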