dnscontrol: NETCUP: Parsed `CNAME`, `TLSA` entries cannot be used w/ other providers

When trying to push CNAME, TLSA entries in js format to another provider (tested w/ DESEC), the following cause problems:

CNAME('www', '\@.')
-->
2022/01/04 17:42:50 printIR.go:94: ERROR: in CNAME www.example.org: target (@.) includes invalid char

Here, unless there is a unified placeholder for the domain name, the latter should be included in verbatim.

TLSA('_tcp', 0, 0, 0, '2 1 2 77[…]')
-->
CREATE TLSA _tcp.example.org 0 0 0 2 1 2 77[…] ttl=3600

FAILURE! failed create RRset (deSEC): HTTP status 400 Bad Request Body: [{},{},{},{},{"non_field_errors":["Record content for type TLSA malformed: Odd-length string"]},{}], the API does not provide more information

Here, the correct values for parameters 2–4 should be stripped from parameter 5.

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Comments: 16 (11 by maintainers)

Most upvoted comments

Yeah, I can wrangle with this on the weekend. Thanks for locating it - I can probably reproduce it with one of my domains then.

+1
kordianbruck on Jan 5, 2022

Thanks!

@kordianbruck: Does that give you enough info to fix the issue? It looks like that function needs to special-case “@”. As the owner of this provider, I should hand this over to you.

+1
tlimoncelli on Jan 5, 2022
Read more comments on GitHub
← dnscontrol: MAINT: PopulateFromString should use SetTargetTXT, not SetTargetTXTString
dnscontrol: Route53 get-zones/preview/push doesn't handle trailing dots consistently →