DNS validation fix (exposed by dkim)

Discussion in 'Developers' Forum' started by ispcomm, Aug 18, 2015.

  1. ispcomm

    ispcomm Member

    I am going to be short, but effective :)
    I was playing with DKIM and tried to add records to one domain. The validator would not let me add the correct record (i.e. k1._domainkey) because of the underscore

    The regex in the form checking needs updating from
    'regex' => '/^[a-zA-Z0-9\.\-\*]{0,255}$/',
    'regex' => '/^[a-zA-Z0-9\.\-\*\_]{0,255}$/',

    to include the _

    I hope this is fixed ASAP upstream

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I use the ispconfig dkim plugin and it works fine in and it works also in 3.1-dev without the above change.
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Your suggested regex is a part of the dkim-plugin. If you want to use dkim on your own, you can change the regex. But you should use the patch from here.
  4. ispcomm

    ispcomm Member

    Please don't focus on DKIM itself. I am posting a fix for a generic DNS handling problem. DKIM is irrelevant. Underscores are used in Windows AD names and may be used for any other purpose. The current regexp is too restrictive. I'm running the last as well.
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    This is already integrated in 3.1:
    regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/'

    If you need this with the current release, adjust the regex or use the dkim-patch for I don´t know, why you need * for a txt-record.
  6. ispcomm

    ispcomm Member

    Thank you florian, I already patched my regex, but reported back my findings.
    Regarding the '*' I just took the current regex, which contained a '*' and added the underscore. I.e. it was there.
    Also the regex is unique for the 'name' field so a '*' does apply in some cases (I guess legacy mydns stuff).
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Assuming that * is for wildcard DNS records, they can be used with TXT, eg. you can create a wildcard SPF record to disallow using bogus hostnames from your domain in smtp HELO.
    *               IN      TXT     "v=spf1 a -all"
    I setup some tracking exists: records for fun (see http://www.openspf.org/RFC_4408#macros) and found completely random/unrelated servers on the internet identifying to other unrelated systems as bogus hostnames from our domain. (Also as valid hostnames and as former/old mail server names.)
    It's a tiny bit of mail/spam that gets blocked with that wildcard SPF record, but doesn't hurt. (I initially setup the tracking exists: to see how many former customers might have machines identifying on our domain, and (to my surprise) it was almost zero, so the wildcard -all remains.)

Share This Page