Validate Names for NameServer, Zone and Record objects (and support IDNs) #269
Merged: hatsat32 merged 36 commits into auroraresearchlab:main from peteeckel:feature/validate-names on Feb 3, 2023
peteeckel changed the title from "Validate Names for NameServer, Zone and Record objects" to "Validate Names for NameServer, Zone and Record objects (and support IDNs)" on Jan 31, 2023
I still found some room for performance improvement and code cleanup. Won't take too long.
fixes #268
This PR provides validation of RR names according to the rules in RFC1035, Section 2.3.1, RFC2181, Section 11 and RFC5891, Section 4.2.3. Formerly, NetBox DNS accepted virtually anything as a record name, which could lead to zone files not being loadable by DNS servers such as BIND.
Note that host names in record values are not validated at the moment. Although this is desirable and may come as a further enhancement, it is a major effort as all RR values need to be parsed for validation and there are a large number of different RR types, many of them with alternative value formats that may or may not contain names that might need validation.
During implementation it became clear that validating names also requires correct handling of IDNs (International Domain Names), which can include Unicode characters. These characters need to be converted to host names in Punycode format, which satisfy the requirements in the above RFCs and do not contain anything except alphanumerical characters, hyphens, optionally underscores and dots as label separators.
Therefore NetBox DNS was extended to convert names containing any Unicode characters to Punycode, which is used for storage in the database so the data can directly be processed by name servers. In the GUI, both the Punycode and the Unicode representation are displayed where applicable, and data entry can be done in both formats as required. In pre-populated edit forms, the Unicode representation is used for initial values, page titles etc.
There are three new plugin configuration variables affecting validation:
- allow_underscores_in_hostnames can be set to allow underscores being used in host names. Normally, underscores are only permitted in certain record types such as SRV, not in normal host names, but Windows does not follow the standard and allows this. The default setting is False.
- tolerate_leading_underscore_types contains a list of RR types that allow an underscore as the first character in a label. The default setting for this is ['TXT', 'SRV'].
- tolerate_non_rfc1035_types contains a list of RR types that allow characters outside the set defined in RFC1035 to be used in RR names. Record types in this list are exempt from validation altogether. The default setting is the empty list.