PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

Please improve error reporting advice for bad CAA record #5552

Open jsoref opened 7 years ago

jsoref commented 7 years ago

Short description

Less than ideal messages in syslog for corrupt iodef records.

Environment

Steps to reproduce

  1. create a CAA record using PowerAdmin containing 0 iodef mailto:root@example.com
  2. try to perform a dig axfr query against the server
  3. read syslog
  4. change the record to "0 iodef mailto:root@example.com"
  5. try to perform a dig axfr query against the server
  6. read syslog

Expected behaviour

  1. Don't use "start" to mean "insert", use "insert". So, instead of:
       Data field in DNS should start with quote (") at position 8 of '0 iodef mailto:root@example.com'
     Suggest:
       Insert quote (") at position 8 of '0 iodef mailto:root@example.com' to start string
     (It probably should suggest a trailing quote (") too.)
  2. Consistently use leading caps or not (above there's a leading caps, below there isn't):
       expected digits at position 0 in '"0 iodef mailto:root@example.com"'
  3. You probably want singular digit instead of digits in this message (it isn't practical to have multiple digits at a single position):
       expected digits at position 0 in '"0 iodef mailto:root@example.com"'
     As in:
       Expected digit at position 0 in '"0 iodef mailto:root@example.com"'
  4. It would be nicer if the parser could suggest moving the quotation mark to where it belongs, as in:
       Move quote (") from position 0 to after 'iodef ' in '"0 iodef mailto:root@example.com"'

Actual behaviour

dig yields:

;; communications error to dnsserver#53: end of file

after the SOA record.

syslog yields:

pdns_server[31183]: Jul 25 14:40:34
 Exception: Parsing record content (try 'pdnsutil check-zone'):
 Data field in DNS should start with quote (") at position 8 of '0 iodef mailto:root@example.com'

syslog yields:

pdns_server[31183]: Jul 25 14:43:00
 Exception: Parsing record content (try 'pdnsutil check-zone'):
 expected digits at position 0 in '"0 iodef mailto:root@example.com"'

pdnsutil check-zone yields:

[Error] Following record had a problem: example.com IN CAA 0 iodef mailto:root@example.com
[Error] Error was: Parsing record content (try 'pdnsutil check-zone'):
 Data field in DNS should start with quote (") at position 8 of '0 iodef mailto:root@example.com'

Other information

The correct record format is: 0 iodef "mailto:root@example.com"

Usecase

Trying to add iodef record based on random web articles w/o understanding how to do things.

Description

The reason for this CAA record is that I want CAs to send me email when they're inappropriately asked to generate Certificates for domains I control.

But this issue is about improving pdns's error reporting to make my life easier.

Habbie commented 7 years ago

This issue is not CAA-specific. The pdns error should mention name and perhaps type for anything pdns is unhappy about.
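
An added example, not part of the issue thread and not PowerDNS code: a small pre-check for CAA record content that follows the format the issue gives as correct and puts the record name and type in every diagnostic. The function name `check_caa` and the message wording are assumptions made for illustration.

```python
import re

# Shape the issue gives as correct: <flags> <tag> "<value>"
FIELDS = re.compile(r'(\S+)\s+(\S+)\s+(.+)')

def check_caa(name, content):
    """Return diagnostics for one CAA record's content; an empty list means OK."""
    where = f"{name} IN CAA '{content}': "
    if content.startswith('"'):
        # Second case from the issue: the whole content was wrapped in quotes.
        return [where + 'Expected flags digit at position 0; quote only the '
                        'value, as in 0 iodef "mailto:root@example.com"']
    m = FIELDS.fullmatch(content)
    if m is None:
        return [where + 'Expected three fields: flags, tag and quoted value']
    flags, tag, value = m.groups()
    errors = []
    # The CAA flags field is a single octet.
    if not (re.fullmatch(r'[0-9]{1,3}', flags) and int(flags) <= 255):
        errors.append(where + 'Flags must be a number from 0 to 255 at position 0')
    if not re.fullmatch(r'[A-Za-z0-9]+', tag):
        errors.append(where + f'Tag must be letters and digits at position {m.start(2)}')
    if not (len(value) >= 2 and value[0] == '"' and value[-1] == '"'):
        # First case from the issue: the value is not quoted.
        errors.append(where + f'Insert quote (") at position {m.start(3)} '
                              'and a closing quote (") at the end of the value')
    return errors

# Record contents quoted in the issue: unquoted, fully quoted, and corrected.
SAMPLES = [
    '0 iodef mailto:root@example.com',
    '"0 iodef mailto:root@example.com"',
    '0 iodef "mailto:root@example.com"',
]

if __name__ == "__main__":
    for content in SAMPLES:
        for line in check_caa("example.com", content) or [f"example.com IN CAA '{content}': OK"]:
            print(line)
```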