This PR provides validation of RR names according to the rules in RFC1035, Section 2.3.1, RFC2181, Section 11 and RFC5891, Section 4.2.3. Formerly, NetBox DNS accepted virtually anything as a record name, which could lead to zone files not being loadable by DNS servers such as BIND.
Note that host names in record values are not validated at the moment. Although this is desirable and may come as a further enhancement, it is a major effort as all RR values need to be parsed for validation and there are a large number of different RR types, many of them with alternative value formats that may or may not contain names that might need validation.
During implementation it became clear that validating names also requires correct handling of IDNs (International Domain Names) which can include Unicode characters. These characters need to be converted to host names in Punycode format, which satisfies the requirements in the above RFCs and does not contain anything except alphanumerical characters, hyphens, optionally underscores and dots as label separators.
Therefore NetBox DNS was extended to convert names containing any Unicode characters to Punycode, which is used for storage in the database so the data can directly be processed by name servers. In the GUI, both the Punycode and the Unicode representation are displayed where applicable, and data entry can be done in both formats as required. In pre-populated edit forms, the Unicode representation is used for initial values, page titles etc.
There are three new plugin configuration variables affecting validation:
allow_underscores_in_hostnames can be set to allow underscores being used in host names. Normally, underscores are only permitted in certain record types such as SRV, not in normal host names, but Windows does not follow the standard and allows this. The default setting is False.
tolerate_leading_underscore_types contains a list of RR types that allow an underscore as the first character in a label. The default setting for this is ['TXT', 'SRV'].
tolerate_non_rfc1035_types contains a list of RR types that allow characters outside the set defined in RFC1035 to be used in RR names. Record types in this list are exempt from validation altogether. The default setting is the empty list.
fixes #268
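The name rules and the three settings described above, worked through as an added Python example; this is not NetBox DNS's own code. The function names and keyword arguments are hypothetical, the standard-library `idna` codec (IDNA 2003) stands in for an RFC 5891 implementation, a digit is accepted as the first character of a label, and exempt record types are assumed to pass through unchanged.

```python
import re

# Letters, digits and hyphens; no hyphen at either end; at most 63 characters.
LDH = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
# Same, with underscores accepted (allow_underscores_in_hostnames = True).
LDH_US = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"


def to_punycode(name):
    """Encode each non-ASCII label as an xn-- A-label (stdlib codec, IDNA 2003)."""
    return ".".join(
        label if label.isascii() else label.encode("idna").decode("ascii")
        for label in name.split(".")
    )


def validate_rr_name(name, rr_type, allow_underscores=False,
                     leading_underscore_types=("TXT", "SRV"),
                     non_rfc1035_types=()):
    """Return the name in storable ASCII form or raise ValueError."""
    if rr_type in non_rfc1035_types:
        return name  # assumption: exempt types are passed through unchanged
    ascii_name = to_punycode(name)  # UnicodeError is a subclass of ValueError
    relative = ascii_name[:-1] if ascii_name.endswith(".") else ascii_name
    if len(relative) > 253:  # RFC 2181 s.11: 255 octets in wire format
        raise ValueError("name too long")
    pattern = LDH_US if allow_underscores else LDH
    for label in relative.split("."):
        body = label
        if rr_type in leading_underscore_types and label.startswith("_"):
            body = label[1:]  # e.g. _sip._tcp for SRV
        if len(label) > 63 or not re.fullmatch(pattern, body, re.IGNORECASE):
            raise ValueError(f"invalid label {label!r} for {rr_type} record")
        # RFC 5891 s.4.2.3.1: "--" in positions 3-4 is reserved for A-labels
        if body[2:4] == "--" and not body.lower().startswith("xn--"):
            raise ValueError(f"reserved hyphen pattern in label {label!r}")
    return ascii_name
```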