Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

INWX: Quoted HTTPS entries don't work #2947

Open
brknkfr opened this issue May 9, 2024 · 8 comments
Open

INWX: Quoted HTTPS entries don't work #2947

brknkfr opened this issue May 9, 2024 · 8 comments
Labels
provider-INWX

Comments

@brknkfr
Copy link

brknkfr commented May 9, 2024
edited

Describe the bug
I can create HTTPS (#2930) records on INWX provider, but the records are saved with quotes and they are not working.

Text field on INWX web interface looks like this:

1 . alpn="h2" port="443" ipv4hint="123.123.123.123"

Unfortunately, INWX doesn't like quotes and doesn't return anyhting for a HTTPS request (tested with dig -t HTTPS domain.tld).

A HTTPS record entry without quotes works. Changing it manually to following in the INWX web interface works.

1 . alpn=h2 port=443 ipv4hint=123.123.123.123

After that change, dig -t HTTPS domain.tld returns exptected result. But with that manually changed entry, dnscontrol won't work anymore.

./dnscontrol ppreview
CONCURRENTLY gathering 0 zone(s)
SERIALLY gathering 1 zone(s)
Serially Gathering: "domain.tld"
******************** Domain: domain.tld
#1: Domain "domain.tld" provider inwx Error: INWX: unparsable record received: unknown rtype (HTTPS) when parsing (1 . ipv4hint=123.123.123.123 alpn=h2 port=443) domain=(domain.tld)

To Reproduce
Steps to reproduce the behavior:

  1. Create a dnsconfig.js file with a HTTPS record entry for the INWX provider and publish it.
  2. DNS queries for HTTPS records are empty.

Expected behavior
dnscontrol should unquote the HTTPS entries for the INWX provider before publishing them. Unfortunately I do not know enought Go to create a pull request.

DNS Provider

  • IWNX
@brknkfr
Copy link
Author

brknkfr commented May 9, 2024

Maybe you can help out? @tlimoncelli @patschi @christianbur

@tlimoncelli
Copy link
Contributor

Interesting! It looks like both Cloudflare and IWNX reject quotes in those situations.

@fritterhoff: Sounds like we need to not generate those quotes. Maybe file a bug report with https://github.com/miekg/dns ?

@fritterhoff
Copy link
Contributor

Yeah. I sadly forgot to fill a bug report and prepare a MR for this issue. Will do later.

@fritterhoff
Copy link
Contributor

@tlimoncelli prop thats a corner case of the RFC.
The RFC permits using:

Each SvcParamKey SHALL appear at most once in the SvcParams.  In
   presentation format, SvcParamKeys are lowercase alphanumeric strings.
   Key names contain 1-63 characters from the ranges "a"-"z", "0"-"9",
   and "-".  In ABNF [RFC5234],

   alpha-lc      = %x61-7A   ; a-z
   SvcParamKey   = 1*63(alpha-lc / DIGIT / "-")
   SvcParam      = SvcParamKey ["=" SvcParamValue]
   SvcParamValue = char-string ; See Appendix A.
   value         = *OCTET ; Value before key-specific parsing

And defines:

   ; non-special is VCHAR minus DQUOTE, ";", "(", ")", and "\".
   non-special = %x21 / %x23-27 / %x2A-3A / %x3C-5B / %x5D-7E
   ; non-digit is VCHAR minus DIGIT.
   non-digit   = %x21-2F / %x3A-7E
   ; dec-octet is a number 0-255 as a three-digit decimal number.
   dec-octet   = ( "0" / "1" ) 2DIGIT /
                 "2" ( ( %x30-34 DIGIT ) / ( "5" %x30-35 ) )
   escaped     = "\" ( non-digit / dec-octet )
   contiguous  = 1*( non-special / escaped )
   quoted      = DQUOTE *( contiguous / ( ["\"] WSP ) ) DQUOTE
   char-string = contiguous / quoted

Using this specs an enquoted string would be valid. I am not sure if a bug report for miekg/dns would be legit.

@tlimoncelli
Copy link
Contributor

tlimoncelli commented May 9, 2024
edited

Thank you for finding that in the RFC (I was about to look for it myself!)

Yes, I agree. It would be more of a feature request for miekg/dns than a bug report.

That said, it would be easy to fix on our end. Something like (untested):

v := kv.String()
last := len(v)-1
if len(v) > 0 && v[0] == '"' && v[last] == '"' {
  inner := v[1:last]
  if !strings.ContainsAny(inner, "\" \t\\") {
      v = inner // Remove unnecessary quoting
  }
}

Bonus points for sending a feature request to miekg/dns :)

Tom

@brknkfr
Copy link
Author

brknkfr commented May 10, 2024
edited

Btw, getting the records, with a "valid" HTTPS record on INWX, throws an error too.

./dnscontrol ppreview
CONCURRENTLY gathering 0 zone(s)
SERIALLY gathering 1 zone(s)
Serially Gathering: "domain.tld"
******************** Domain: domain.tld
#1: Domain "domain.tld" provider inwx Error: INWX: unparsable record received: unknown rtype (HTTPS) when parsing (1 . ipv4hint=123.123.123.123 alpn=h2 port=443) domain=(domain.tld)

@fritterhoff
Copy link
Contributor

Thats a little bit strange. I will try to debug the HTTPS record the next few days again.

@fritterhoff
Copy link
Contributor

Sorry I've been pretty busy the last few days. Sadly I only can really test AXFR and BIND with real data (and cloudflare with some test data)

For my use cases it is working fine... at least until now. Right now I only could offer to rewrite the (de)serialization with some own logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
provider-INWX
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cafferata @brknkfr @tlimoncelli @fritterhoff