#7739 dnszone shows wrong value for admin email
Opened 2 years ago by cheimes. Modified a year ago

Issue

A SOA RNAME has the @ replaced by a .. Since the user part of an email address can contain dots, a dot is escaped as \.. The output of dnszone commands strips any backslash escape from the admin email addresses.

Steps to Reproduce

  1. ipa dnszone-mod --admin-email admin.1@ipa.test. ipa.test.

Actual behavior

  Zone name: ipa.test.
  Active zone: TRUE
  Authoritative nameserver: master.ipa.test.
  Administrator e-mail address: admin.1.ipa.test
  ...

Expected behavior

Administrator e-mail address: admin\.1.ipa.test

Version/Release/Distribution

freeipa-server-4.7.0-3.fc29.x86_64

Additional info:

The SOA required for the zone is correct:

ipa.test. 86400 IN SOA master.ipa.test. admin\.1.ipa.test. 1540217518 3600 900 1209600 3600

The bug is in the DNSName class:

>>> import ipapython.dnsutil
>>> str(ipapython.dnsutil.DNSName(r'admin\.1.example.org'))
admin.1.example.org

Metadata Update from @abbra:
- Issue set to the milestone: FreeIPA 4.7.2 (was: 0.0 NEEDS_TRIAGE)

2 years ago

To clarify, I don't think it's a bug in dnspython. Either it's a problem in FreeIPA's custom DNSName class or a wrong usage of FreeIPA's DNSName class:

>>> import ipapython.dnsutil
>>> ipapython.dnsutil.DNSName(r'admin\.1.example.org.')
<DNS name admin.1.example.org.>
>>> import dns.name
>>> dns.name.from_text(r'admin\.1.example.org.')
<DNS name admin\.1.example.org.>

@cheimes: the difference in your mentioned is due to reimplementation of str method in dnsutil.DNSName. Original Name uses to_text and DNSName uses to_unicode.

>>> import ipapython.dnsutil
>>> ipapython.dnsutil.DNSName(r'admin\.1.example.org.').to_text()
'admin\\.1.example.org.'
>>> ipapython.dnsutil.DNSName(r'admin\.1.example.org.').to_unicode()
'admin.1.example.org.'
>>> str(ipapython.dnsutil.DNSName(r'admin\.1.example.org.'))
'admin.1.example.org.'

>>> import dns.name
>>> dns.name.from_text(r'admin\.1.example.org.').to_text()
'admin\\.1.example.org.'
>>> dns.name.from_text(r'admin\.1.example.org.').to_unicode()
'admin.1.example.org.'
>>> str(dns.name.from_text(r'admin\.1.example.org.'))
'admin\\.1.example.org.'

to_text() makes explicit _escapify of labels and to_unicode() was doing it impilicitly via _idna_decode but after refacrtoring in https://github.com/rthalley/dnspython/commit/b6d6dba31ff06ccb714cc2a11b73933a4124efb7#diff-c613cb5670c65b9a12619bf4dc5d8438R495 labels are not escaped -- I think it is a bug.

ipa dns-show uses str method to display name.

But I discovered that we are hitting [possibly] another bug, at least in another place: In https://github.com/freeipa/freeipa/blob/87474cc1a3a2782088a78f56c9267109f1fd5b8c/ipalib/rpc.py#L1242 we receive response with not escaped SOA name:

...
"idnssoarname": [{"__dns_name__": "admin.1.ipa.test."}]
...

The upstream fix is too large to integrate it into IPA. I filed a downstream bug for the python-dns package in Fedora, https://bugzilla.redhat.com/show_bug.cgi?id=1674610

Metadata Update from @cheimes:
- Custom field external_tracker adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1674610

2 years ago

python-dns-1.16.0-1.fc30 has been pushed to the Fedora 30 testing repository.

The problem will be automatically fixed by new versions of python3-dns:
python3-dns-1.16.0-7.fc31.noarch
python3-dns-1.16.0-7.fc30.noarch

The updates are currently in testing and will land in stable in the next couple of days. There are no additional changes in IPA required.

Login to comment on this ticket.

Metadata