RT/krbdev.mit.edu: Ticket #1383 SRV record "." target, trailing dots

RT/krbdev.mit.edu: Ticket #1383 SRV record "." target, trailing dots

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
1383

Status
resolved

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-libs
Version_reported
Version_Fixed	1.4
Target_Version
Tags

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

1549: (raeburn) negative SRV records [resolved]

Dates

Created:	Fri Mar 14 19:07:13 2003
Starts:	Not set
Started:	Thu Oct 7 18:51:04 2004
Last Contact:	Thu Oct 7 18:48:30 2004
Due:	Not set
Updated:	Thu Dec 9 20:45:16 2004 by tlyu

People

Owner
Nobody
Requestors
raeburn@mit.edu
Cc

AdminCc

More about Ken Raeburn

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

1080: kprop should have sanity checks for database shrinkage (new)
5992: incorporate Sun's incremental propagation code (open)
1213: web page needs pointer to KfM, KfW docs (new)
1239: test suites should kill servers on exiting (new)
1250: test suite uses fixed filenames in shared space (new)
1268: config option for kinit to skip krb524 (new)
1282: need standard way of finding keytab (new)
1291: rcp test cases too strict in output checking (open)
1301: profile library update leaves brief window with no file on Windows (open)
1312: profile locking at wrong level when re-reading file (open)
1316: KDC TCP support needs better denial-of-service protection (new)
1354: des3 string-to-key doesn't check for weak keys (open)
1379: kprop can't handle remote-realm slave (new)
1381: hostnames in config files (new)
1404: zapping sensitive data before freeing (open)
1453: don't serialize DNS queries and KDC communication (new)
1472: test suite should try a little harder to get root shell (open)
1496: get rid of kadmin/v4server and v5passwdd ? (new)
1509: make test suite work for Sam :-) (new)
1510: kadmin arg parsing (new)
1511: reconsider structure of code for locating and contacting kdc, krb524d, kpasswd (new)
1531: missing or out-of-date copyright notices (new)
1544: [Ken Hornstein <kenh@cmf.nrl.navy.mil>] Re: ASN.1 failed call to system time library (new)
1583: use locate_server for krb4 kdc location (new)
1584: reduce storage needs for nightly testing results (new)

History

Display mode: [Brief headers] [Full headers]

Fri Mar 14 19:07:14 2003	raeburn - Ticket created
To: krb5-bugs@MIT.EDU Subject: SRV record support From: Ken Raeburn <raeburn@MIT.EDU> Date: Fri, 14 Mar 2003 19:07:10 -0500 The RFC says a SRV record can have a target name of ".", meaning "service not available". We don't handle that case. I think (but can't quite confirm, yet) that the target name is supposed to be a complete name. So if a hostname is returned without a trailing ".", we might want to add one before looking it up. Ken		Download (untitled) 320b
Fri Mar 14 19:45:44 2003	tlyu - Correspondence added
To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #1383] SRV record support From: Tom Yu <tlyu@mit.edu> Date: Fri, 14 Mar 2003 19:45:43 -0500 RT-Send-Cc: >>>>> "Ken" == Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes: Ken> I think (but can't quite confirm, yet) that the target name is Ken> supposed to be a complete name. So if a hostname is returned without Ken> a trailing ".", we might want to add one before looking it up. RFC 1035 says that a <domain-name> is terminated with a zero-length label, which seems to indicate that the target name is absolute. RFC 1034 also indicates that relative names are mostly a user interface thing. ---Tom		Download (untitled) 504b
Thu Oct 7 18:48:28 2004	tlyu - Correspondence added
To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #1383] SRV record support From: Tom Yu <tlyu@mit.edu> Date: Thu, 07 Oct 2004 18:48:26 -0400 RT-Send-Cc: >>>>> "Ken" == Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes: Ken> I think (but can't quite confirm, yet) that the target name is Ken> supposed to be a complete name. So if a hostname is returned without Ken> a trailing ".", we might want to add one before looking it up. I checked a little bit of the source code of dn_expand() and ns_name_uncompress(), and neither returns a trailing dot unless the root domain is what's being expanded. Even though a SRV record is supposed to have a complete domain name as the target, and would logically be represented with a trailing dot, the resolver API doesn't show us the trailing dot. This means that we'll have to explicitly append a trailing dot so that further lookups will bypass the local domain search. ---Tom		Download (untitled) 774b
Thu Oct 7 18:51:03 2004	tlyu - Subject changed from SRV record support to SRV record "." target, trailing dots
Thu Oct 7 18:51:04 2004	tlyu - Status changed from new to open
Thu Oct 7 18:51:05 2004	tlyu - Component krb5-libs added
Thu Dec 9 20:45:13 2004	tlyu - Status changed from open to resolved
Thu Dec 9 20:45:13 2004	tlyu - Version_Fixed 1.4 added
Thu Dec 9 20:45:14 2004	tlyu - Comments added
Trailing "." appended already in lib/krb5/os/dnssrv.c:5.7. Closing.		Download (untitled) 68b