bug: Data field in DNS should start with quote (") at position 0 of ...

[poralix]

• Program: Authoritative
• Issue type: Bug report

Short description

Adding DKIM/SPF record as a TXT-type record fails with an error:

Data field in DNS should start with quote (") at position 0 of

• Operating system: CentOS 6
• Software version: pdns-backend-mysql-4.0.5-1pdns.el6.x86_64, pdns-4.0.5-1pdns.el6.x86_64
• Software source: PowerDNS repository

Steps to reproduce

as root in a server console:

# pdnsutil add-record example.nl server TXT "v=spf1 a mx ip4:1.2.3.4 ~all"
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx ip4:1.2.3.4 ~all'

# pdnsutil add-record example.nl server TXT \"v=spf1 a mx ip4:1.2.3.4 ~all\"
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should end on a quote (") in '"v=spf1'

# pdnsutil add-record example.nl server TXT "\"v=spf1 a mx ip4:1.2.3.4 ~all\""
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx ip4:1.2.3.4 ~all'

# pdnsutil add-record example.nl server TXT \""v=spf1 a mx ip4:1.2.3.4 ~all"\"
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx ip4:1.2.3.4 ~all'

# pdnsutil add-record example.nl server TXT '"v=spf1 a mx ip4:1.2.3.4 ~all"'
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx ip4:1.2.3.4 ~all'

Expected behaviour

The TXT record should be added

Actual behaviour

pdnsutil drops an error

Other information

Tested 3 CentOS servers, the same setup, the same result. No PHP installed on the server.

In order to bypass it I need to connect to MySQL console and run INSERT command manually.

Usecase

Install SPF, DKIM records into an existing dns zone

Description

Install SPF, DKIM records into an existing dns zone

[pieterlexis]

main issue: #6010

[stbuehler]

main issue: #6010

I'm not so sure about that - it seems the main issue here is that somewhere the quotes get lost.

I.e. if the following command fails:

# pdnsutil add-record example.nl server TXT '"v=spf1 a mx ip4:1.2.3.4 ~all"'

the error message should be:

Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of '"v=spf1 a mx ip4:1.2.3.4 ~all"'

I.e. the shell removes the outer single quotes '...', but pdnsutil should receive "v=spf1 a mx ip4:1.2.3.4 ~all", and the double quotes shouldn't get lost.

And this shouldn't fail to parse even considering #6010.

This command though:

# pdnsutil add-record example.nl server TXT "v=spf1 a mx ip4:1.2.3.4 ~all"

is actually #6010: if the passed data is parsed as "master (zone) format", it should (when #6010 gets fixed) be the same as:

# pdnsutil add-record example.nl server TXT '"v=spf1" "a" "mx" "ip4:1.2.3.4" "~all"'

One might argue that pdnsutil should automatically add quotes to arguments containing spaces so it feels more natural to use it; but right now the docs say very clear that the RDATA must only be one argument, and multiple arguments represent multiple records (and not multiple parts of one).

[yverry]

Same here with a _ value like:

pdnsutil add-record example.fr taiste TXT 300 "hzVRrBl4BaVolSxPCX6Sx5M8c1eoexUFVxV9n_9daq0"

Got the same error: Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'hzVRrBl4BaVolSxPCX6Sx5M8c1eoexUFVxV9n_9daq0'

[Habbie]

# pdnsutil add-record example.nl server TXT '"v=spf1 a mx ip4:1.2.3.4 ~all"'
Error: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx ip4:1.2.3.4 ~all'

This variant works for me on master.

[Habbie]

This variant works for me on master.

It also works for me on 4.0.5.

[Habbie]

pdnsutil add-record example.fr taiste TXT 300 "hzVRrBl4BaVolSxPCX6Sx5M8c1eoexUFVxV9n_9daq0"

add-record example.com server TXT '"hzVRrBl4BaVolSxPCX6Sx5M8c1eoexUFVxV9n_9daq0"' works

[Habbie]

@poralix can you please retry the variant that works for me?

[yverry]

works for me

[james-stevens]

We're seeing the same issue on CentOS-6 with v4.1.2

"pdnsutil" is stripping the double quotes, even when they are wrapped in single quotes (which are stripped off by the shell) - but wrapping the text in two sets of double quotes and in single quotes works fine!!!

pdnsutil add-record test.com host txt 86400 '"some text"'
-> fails with "Data field in DNS should start with quote (") at position 0 ..." error

... but ...
pdnsutil add-record test.com host txt 86400 '""some text""'
-> works fine, for clarify, that's [single][double][double]some text[double][double][single]

4.1.3 works fine on CentOS-7 - Will try all combinations of CentOS 6 & 7 with 4.1.2 & 4.1.3 and report

[james-stevens]

Bug still exists in v4.1.3 on CentOS-6, but not on CentOS-7

gcc-g++ is unable to build pdns from source on CentOS-6, so I've not investigated this further, yet

[pieterlexis]

Bug still exists in v4.1.3 on CentOS-6, but not on CentOS-7

Smells like a difference in the shell

gcc-g++ is unable to build pdns from source on CentOS-6, so I've not investigated this further, yet

You'll need the GCC from devtoolset-4 to compile from master.

[james-stevens]

Quoting Pieter Lexis <notifications@github.com>:

> Bug still exists in v4.1.3 on CentOS-6, but not on CentOS-7 Smells like a difference in the shell

Indeed - I tried changing the "LANG" from "en_US.UTF-8" to "C", but couldn't think of anything else.

> gcc-g++ is unable to build pdns from source on CentOS-6, so I've not investigated this further, yet You'll need the GCC from `devtoolset-4` to compile from master.

Right - I'm on it.

…

-- You are receiving this because you commented. Reply to this email directly or view it on GitHub: #6087 (comment)

[james-stevens]

./pdns/pdnsutil add-record test.com host txt 86400 '"this is text"'
argv[0]:./pdns/pdnsutil
argv[1]:add-record
argv[2]:test.com
argv[3]:host
argv[4]:txt
argv[5]:86400
argv[6]:"this is text"

the double quotes are getting into "pdnsutil" - its not the shell that's stripping them out.

[james-stevens]

We're moving everything to CentOS-7, so I can't really put any more time in on this, but I would suggest somebody who cares more about the code should check why its happening as its kind of odd behaviour.

Confirmation, argv has the correct value, but by the time it reaches "RecordTextReader::xfrText" the double quotes have been stripped off.

[nicovs]

When using PowerDNS API to request LetsEncrypt ACME over DNS auth, we also receive this error.
Using the same thing with a zone that holds no TXT records, there is no issue at all.

Jun 19 15:00:22 ns1 pdns_server[37833]: [webserver] ... Handling request "/api/v1/servers/localhost/zones/domain.be."
Jun 19 15:00:22 ns1 pdns_server[37833]: [webserver] ... HTTP ISE for "/api/v1/servers/localhost/zones/domain.be.": STL Exception: Parsing record content (try 'pdnsutil check-zone'): Data field in DNS should start with quote (") at position 0 of 'v=spf1 a mx include:spf.mail.domain.be ~all'
Jun 19 15:00:22 ns1 pdns_server[37833]: [webserver] ... Error result for "/api/v1/servers/localhost/zones/domain.be.": 500
Jun 19 15:00:22 ns1 pdns_server[37833]: [webserver] ... IP.Redacted:49898 "GET /api/v1/servers/localhost/zones/domain.be. HTTP/1.1" 500 167
Jun 19 15:00:24 ns1 pdns_server[37833]: [webserver] ... Handling request "/api/v1/servers/localhost/zones/domain.be."
Jun 19 15:00:24 ns1 pdns_server[3783

however,

└╼ sudo pdnsutil check-zone domain.be
Jun 19 15:22:26 gmysql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Jun 19 15:22:26 gmysql Connection successful. Connected to database 'powerdns' on '127.0.0.1'.
Checked 12 records of 'domain.be', 0 errors, 0 warnings.

and:

$ dig txt domain.be

; <<>> DiG 9.10.6 <<>> txt domain.be
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domain.be.			IN	TXT

;; ANSWER SECTION:
domain.be.		1615	IN	TXT	"v=spf1 a mx include:spf.mail.domain.be ~all"

;; Query time: 16 msec
;; SERVER: 2a02:1800:100::42:2#53(2a02:1800:100::42:2)
;; WHEN: Wed Jun 19 15:23:34 CEST 2019
;; MSG SIZE  rcvd: 98

[pieterlexis]

Please don't use redacted names and show us the HTTP data send to/from the API, the database content and tell us how the record was added initially (see our policy).

[nicovs]

Pieter,

Seems like the erorr was due to the fact no double quotes were indeed around the TXT record.
So, I got it fixed by manually adding the " " around the TXT records + doing an increase-serial on the zone.

Seems like PowerAdmin (and of course direct mysql insert) allow adding TXT records without the quotes.

Querying the DNS via Dig show no errors, and the TXT resolves as it should.
Using pdnsutil check-zone shows no errors
The API fails however with a zone edit - add records in my case - but also export of the zone fails with a 500 error.

Tnx for responding,
Nico

[ghost]

I haven't yet read all linked bug reports here, but may I ask how can we help here? What kind of help is needed?

Is this regarded as a bug in the api or in pdns_util?

Or was this maybe by chance fixed in a later release and just this bug report was not closed?

We hadn't the time yet to upgrade to the latest release, so if we are capable of helping out..

Thanks for any update on this!

[Habbie]

Good questions! We've never been able to reproduce the issue, and we've done a bunch of releases with various fixes since then, so I'm closing the ticket now. If anybody still has this problem, they can post here and we'll reopen, or they can make a new ticket.

[ghost]

I'm sorry!

I should've mentioned that we indeed stumbled upon this bug, so to sum this up:

1. we fill in the records via mysql currently
2. pdnsutil does not complain during check-zone
3. we are able to dig these entries successfully
4. we try to migrate to the webapi but get then the error:

Internal Server Error

we would at least expect pdnsutil to also complain about missing double quotes, or fix the api to accept missing double quotes.

it should be consistent at least.

we use pdns-server 4.2.3 currently.

I can provide completely detailed shelloutput if needed, just need to gather the information internally.

Thanks for the fast answer, anyway!

[ghost]

here is an example, hope this is helpful:

curl --header "X-API-Key: $APIKEY" http://127.0.0.1:8081/api/v1/servers/localhost/zones/teco-schallschutz.de
Internal Server Error


pdnsutil check-zone teco-schallschutz.de.
Feb 18 14:59:02 gmysql Connection successful. Connected to database 'powerdns' on 'localhost'.
Feb 18 14:59:02 gmysql Connection successful. Connected to database 'powerdns' on 'localhost'.
Checked 13 records of 'teco-schallschutz.de', 0 errors, 0 warnings.


dig txt teco-schallschutz.de. +short
"v=spf1 include:agenturserver.de ~all"


dpkg -l pdns-server
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                   Version          Architecture     Description
+++-======================-================-================-==================================================
hi  pdns-server            4.2.3-1pdns.bion amd64            extremely powerful and versatile nameserver

if you need additional information, don't hesitate to ask me 😃

[Habbie]

This ticket is about pdnsutil, not the API. What you are describing is #7960 I think.