#6616 [RFE] warn user when "non-standard" domain name is used
Closed: Invalid None Opened 7 years ago by mbasti.

IPA DNS plugin allows almost everything to be a DNS name.

We should warn the user when a non-standard domain name is used:

  • IDNA -> use IDNA checks (done in current code)
  • ASCII only -> warn the user if characters other than "-0-1a-zA-Z_*" were used

For example, a warning should be shown for the following domain names:

172.20.0.3/16.
domain with.space.

Probably this should be extended to reverse zones too: the user must be warned if a reverse zone doesn't contain the right suffix but the rest of the zone looks like a reverse zone.


Our IDNA checks are incomplete and not compatible with some TLDs. FreeIPA uses Python's encodings.idna module, which is limited to IDNA 2003. Some TLDs, like the German .de, use IDNA 2008. It's not only a new standard, it's also partly incompatible with IDNA 2003. Some code points are encoded differently, e.g. the German letter ß and the Greek letter ς, http://www.unicode.org/reports/tr46/#Transition_Considerations.

We can't move to full IDNA 2008 support yet either. A lot of browsers and tools do not support it: Python, Chrome, IE/Edge, bind-util and more.

dkupka: WONTFIX, if the input is valid accept it, if not error out, we already have enough babysitting code around DNS

Our IDNA checks are incomplete and incompatible with German and Greek TLDs.

mbasti: we had this discussion with ticket dedicated to "support IDNA2008 in IPA" --> future releases

Since KRB5 does not support IDNA-encoded hosts (verify), the check is less important

devmtg: won't fix

Metadata Update from @mbasti:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

7 years ago
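
The checks discussed in this ticket, sketched as an added example (not FreeIPA code and not part of the original ticket). It assumes the intended ASCII set is letters, digits, "-", "_" and "*"; the function names and the reverse-zone heuristic are hypothetical. The non-ASCII branch shows the IDNA 2003 behaviour of Python's encodings.idna described above, where ß is mapped to "ss" and ς to σ.

```python
import string

# Assumption: the intended ASCII set is letters, digits, "-", "_" and "*".
ALLOWED = set(string.ascii_letters + string.digits + "-_*")


def labels_of(name):
    """Split a DNS name into labels, ignoring one trailing root dot."""
    return (name[:-1] if name.endswith(".") else name).split(".")


def idna2003_encode(name):
    """Encode with Python's built-in codec (encodings.idna, IDNA 2003)."""
    return name.encode("idna").decode("ascii")


def looks_like_broken_reverse_zone(name):
    """Heuristic (assumption): numeric leading labels, wrong or missing suffix."""
    labels = [label.lower() for label in labels_of(name)]
    if ".".join(labels).endswith(("in-addr.arpa", "ip6.arpa")):
        return False
    numeric = 0
    while numeric < len(labels) and labels[numeric].isdigit():
        numeric += 1
    suffix = ".".join(labels[numeric:])
    return numeric > 0 and (suffix == "" or "arpa" in suffix)


def domain_name_warnings(name):
    """Return warning strings for a zone name; an empty list means none."""
    warnings = []
    if name.isascii():
        bad = sorted(set("".join(labels_of(name))) - ALLOWED)
        if bad:
            warnings.append("non-standard characters: " + ", ".join(map(repr, bad)))
    else:
        try:
            encoded = idna2003_encode(name)
            # A round trip that differs means the codec silently remapped code points.
            if encoded.encode("ascii").decode("idna") != name.lower():
                warnings.append("IDNA 2003 mapping alters the name: " + encoded)
        except UnicodeError as exc:
            warnings.append("not encodable as IDNA 2003: %s" % exc)
    if looks_like_broken_reverse_zone(name):
        warnings.append("looks like a reverse zone without the right suffix")
    return warnings
```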
