opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

Overzealous zone/domain name compliance checks in Unbound > Query Forwarding #7492

Closed pmhausen closed 4 weeks ago

pmhausen commented 4 weeks ago


Describe the bug

The UI does not allow the configuration of a query forwarding if the zone name starts with an underscore. Unfortunately this is frequently the case with special Microsoft AD integrated zones - which are in turn prime candidates for query forwarding.

To Reproduce

Navigate to Service > Unbound > Query Forwarding, try to add an entry like in my screen shot.

Expected behavior

The entry should be permitted.

Describe alternatives you considered

There is no alternative ;)

Screenshots

Screenshot 2024-05-28 at 19 29 15

Relevant log files

none

Additional context

The validity of these zone names is frequently the topic of debate. My reading of the relevant RFCs is that underscore in hostnames is not allowed, but perfectly well so in zone names or e.g. SRV records. Also Microsoft does (surprise!) have a history of adhering to standards quite tightly in the infrastructure (DNS, LDAP, Kerberos, ...) areas.

Environment

OPNsense 24.1.7_4

pmhausen commented 4 weeks ago

@AdSchellevis That was quick! Thanks! Will that make it into the 24.1 branch? I am not quite familiar with your release management, yet.

AdSchellevis commented 4 weeks ago

@pmhausen it's a (very) small change, let's ask @fichtner to pull it in when he has time :)

fichtner commented 4 weeks ago

Ok how about tomorrow? ;)

pmhausen commented 4 weeks ago

While you are at it - I guess Unbound > Overrides > Domain Overrides deserves the same treatment and possibly Host Overrides, too.

AdSchellevis commented 4 weeks ago

@pmhausen since host and domain are split there and validations underneath differ a bit, better open another ticket for that when needed. RFC 2181 removes almost all constraints from the field, which might have other downsides in these cases.
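The host-name versus zone-name distinction discussed in this thread, as an added example that is not OPNsense's code and not part of any comment: host names stay on the letters-digits-hyphen rule, while zone names also accept underscores (for instance AD-style `_msdcs` zones). The function names, the sample inputs and the allowed character set are assumptions of this example; RFC 2181 permits any octet in a label, and the example deliberately stays narrower so that whitespace or newlines cannot reach a generated resolver configuration.

```python
import re

# Host-name label (RFC 952 / RFC 1123): letters, digits, hyphen,
# never starting or ending with a hyphen, 1..63 characters.
_HOST_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Zone-name label for this example: the host-name set plus underscore.
# Assumption of this example, narrower than RFC 2181's "any octet".
_ZONE_LABEL = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")


def _labels(name):
    """Split a dotted name into labels; None if the overall shape is invalid."""
    if name.endswith("."):          # a single trailing root dot is allowed
        name = name[:-1]
    if not name or len(name) > 253:  # text-form limit from the 255-octet wire limit
        return None
    labels = name.split(".")
    if any(len(label) == 0 or len(label) > 63 for label in labels):
        return None
    return labels


def _check(name, pattern):
    labels = _labels(name)
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return labels is not None and all(pattern.fullmatch(l) for l in labels)


def is_valid_hostname(name):
    """Strict check for fields that hold a host name."""
    return _check(name, _HOST_LABEL)


def is_valid_zone_name(name):
    """Relaxed check for fields that hold a zone/domain to forward."""
    return _check(name, _ZONE_LABEL)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the issue.
    for sample in ["_msdcs.example.com", "dc01.example.com",
                   "-bad.example.com", "example.com\n", "bad name.example"]:
        print(repr(sample), is_valid_hostname(sample), is_valid_zone_name(sample))
```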

pmhausen commented 4 weeks ago

Domain Overrides IMHO has exactly the same constraints as Query Forwarding. I was a little bit puzzled by the former still existing. Wasn't the intention to remove that (legacy) part of the menu in favour of Query Forwarding?

Anyway - Host Overrides should follow the standard for host names. Domain Overrides is just another name for essentially Query Forwarding.

Kind regards, Patrick

AdSchellevis commented 4 weeks ago

> Domain Overrides IMHO has exactly the same constraints as Query Forwarding. I was a little bit puzzled by the former still existing. Wasn't the intention to remove that (legacy) part of the menu in favour of Query Forwarding?

yes, so better to leave it alone for now (https://github.com/opnsense/core/issues/7243)