StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License

AWS Route53 GetZone error while parsing TXT record #2854

Open thebetauser opened 5 months ago

thebetauser commented 5 months ago

NOTE: Have a general question? You'll get a better response on the dnscontrol-discuss email list!

Describe the bug

GetZone fails while trying to handle AWS Route53 TXT records. Not sure why this specific string is causing the error. Originally I thought it was a quote issue; however, DKIM records with quotes inside of them do not generate this error.

To Reproduce

Steps to reproduce the behavior:

  1. Create a TXT record in AWS Route 53 from the code snippet below
  2. Run the command: dnscontrol get-zones --format=js r53_entry - YOURDOMAIN.com

Expected behavior

Correctly parse TXT records from an AWS Route53 zone.

DNS Provider

Additional context

This is a TXT record for an SPF value which generated the error (IPs censored, but character length and syntax are direct from the Amazon Route53 UI):

"v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

Output

failed GetZone gzr: unparsable record type="TXT" received from ROUTE53: invalid TXT record: "v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

tlimoncelli commented 5 months ago

CC @tresni (maintainer of the route53 provider)

tlimoncelli commented 5 months ago

The string in the UI is... interesting...

This part here seems invalid:

2 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 

Was that record generated by DNSControl or some other system?

As a work-around, use the web UI to remove the "" from the middle of that string. Please let us know if it worked.

thebetauser commented 5 months ago

Removing the quotes won't work because it's over 255 characters. Route53 returns InvalidChangeBatch 400: CharacterStringTooLong (Value is to long) error. Putting the quotes within the string works and is a valid record.

AWS specifically mentions the limit and requires you to split the string https://repost.aws/knowledge-center/route53-resolve-dkim-text-record-error

thebetauser commented 5 months ago

I was able to resolve the issue; it seems there is a specific quotation syntax that is required. In the above post from Amazon, they used "" (no space between quotes); however, the correct syntax for DNSControl to parse the record requires a space between the quotes. The Route53 UI lets you use no-space quotation marks as well as spaced quotation marks for TXT records over 255 chars. Here is the updated working syntax:

"v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32" "ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

This doesn't seem to be a DNSControl-specific issue, so you can go ahead and close this out.

It would be nice if in the future additional checks for quote syntax were added for TXT records, since Route53 has a 255-character limit and requires the use of quotation marks to concat the strings.
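
Added example, not part of the thread and not DNSControl's own code: a strict pre-flight check of the kind the last comment asks for, which tells the no-space `""` form apart from properly separated segments and enforces the 255-byte limit per segment. `ParseTXT`, `JoinSPF` and the error values are hypothetical names, and the sample addresses are constructed from 192.0.2.0/24.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	ErrAdjacentQuotes = errors.New(`segments joined as "" with no space between them`)
	ErrSyntax         = errors.New("text outside quotes or unterminated quoted string")
	ErrTooLong        = errors.New("segment longer than 255 bytes")
)

// ParseTXT splits a TXT value written as whitespace-separated "quoted" segments.
// Simplification: backslash escapes are skipped over, not decoded, and count toward length.
func ParseTXT(v string) ([]string, error) {
	var segs []string
	for i := 0; i < len(v); {
		switch {
		case v[i] == ' ' || v[i] == '\t':
			i++
			continue
		case v[i] != '"':
			return nil, ErrSyntax
		case i > 0 && v[i-1] == '"': // closing quote directly followed by an opening quote
			return nil, ErrAdjacentQuotes
		}
		end := i + 1
		for ; end < len(v) && v[end] != '"'; end++ {
			if v[end] == '\\' {
				end++ // skip the escaped byte
			}
		}
		if end >= len(v) {
			return nil, ErrSyntax
		}
		if end-i-1 > 255 {
			return nil, ErrTooLong
		}
		segs = append(segs, v[i+1:end])
		i = end + 1
	}
	return segs, nil
}

// JoinSPF concatenates segments with no separator, as RFC 7208 section 3.3 specifies.
func JoinSPF(segs []string) string { return strings.Join(segs, "") }

func main() { fmt.Println(ParseTXT(`"v=spf1 ip4:192.0.2.1/32" "ip4:192.0.2.2/32 ~all"`)) }
```

Because an SPF verifier joins the segments without inserting a space, a split placed between two terms needs the separating space inside one of the segments; running `JoinSPF` on the parsed result shows whether two mechanisms have fused into one token.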