Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2922

mongodb+srv:// OptionParser is not allowing valid hostnames in URI ((i.e `mongo.local`)

XMLWordPrintableJSON

    • Needed
    • Hide

      Summary of necessary driver changes

      • If an SRV contains 1 or 2 dot separated parts
        • the returned address MUST end with all parts of the SRV and have an additional domain level
        • i.e. the returned address can only be child of the SRV
      • File a ticket for the next major version requiring that even when an SRV contains 3+ parts, the returned address MUST be a child of the SRV.

      Commits for syncing spec/prose tests
      (and/or refer to an existing language POC if needed)

      • Add new prose tests described in this commit (add link)
      • See NODE PoC here (add link)

      Context for other referenced/linked tickets

      •  
      Show
      Summary of necessary driver changes If an SRV contains 1 or 2 dot separated parts the returned address MUST end with all parts of the SRV and have an additional domain level i.e. the returned address can only be child of the SRV File a ticket for the next major version requiring that even when an SRV contains 3+ parts, the returned address MUST be a child of the SRV. Commits for syncing spec/prose tests (and/or refer to an existing language POC if needed) Add new prose tests described in this commit (add link) See NODE PoC here (add link) Context for other referenced/linked tickets  
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-5639 Blocked
      CXX-3075 Blocked
      CSHARP-5200 Blocked
      GODRIVER-3284 Blocked
      JAVA-5542 Blocked
      NODE-6289 Blocked
      MOTOR-1343 Duplicate
      PYTHON-4575 Backlog
      PHPLIB-1491 Blocked
      RUBY-3519 Blocked
      RUST-2001 Blocked
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-5639 Blocked CXX-3075 Blocked CSHARP-5200 Blocked GODRIVER-3284 Blocked JAVA-5542 Blocked NODE-6289 Blocked MOTOR-1343 Duplicate PYTHON-4575 Backlog PHPLIB-1491 Blocked RUBY-3519 Blocked RUST-2001 Blocked

      Summary

      We have mongodb cluster deployed in internal network where TXT and SRV records are published for second-level domain service-name.tld.

      This setup works with mongotools and Compass, however any tool that uses Node.js driver will fail with error message:

      Unable to connect: URI must include hostname, domain name, and tld

      This is caused by hard-coded check that hostname has 3 parts in src/connection_string.ts#67:

        if (options.srvHost.split('.').length < 3) {
    // TODO(NODE-3484): Replace with MongoConnectionStringError
    throw new MongoAPIError('URI must include hostname, domain name, and tld');
  }

      This check is redundant because `dns.promises.resolveTxt` is already capable of handling domain errors with appropriate error codes i.e. `dns.BADNAME`

      Thanks!

      Motivation

      Who is the affected end user?

      • Developers using internally managed service discovery tools that use DNS/SRV and have custom host names

      How does this affect the end user?

      • Developers can't use valid URI to connect to mongodb cluster
      • An error is thrown before DNS SRV resolution is attempted

      How likely is it that this problem or use case will occur?

      • Main path, every MongoClient usage throws this error

      If the problem does occur, what are the consequences and how severe are they?

      • Unable to connect

      Is this issue urgent?

      TBD

      Is this ticket required by a downstream team?

      • No, external request

      Is this ticket only for tests?

      • No, functional change

      Acceptance Criteria

      The MongoClient MUST enforce the following:

      • If an SRV contains >= 3 '.' separated parts (no change to existing behavior)
        • the returned address MUST end with all parts of the SRV except the leftmost segment
        • i.e. the returned address can only be a child, sibling, or duplicate of the SRV 
        • Example: mongodb+srv://cluster_1.mongodb.com
          • valid return addresses:
            • hosts_2.mongodb.com // sibling
            • hosts_3.cluster_1.mongodb.com // child
            • mongodb.com // duplicate
          • invalid return address: clusters.fakedb.com
      • If an SRV contains 1 or 2 dot separated parts
        • the returned address MUST end with all parts of the SRV and have an additional domain level
        • i.e. the returned address can only be child of the SRV
        • Example: `mongodb+srv://mongodb.local`
          • valid return addresses:
            • cluster_1.mongodb.local // child
          • invalid return address:
            • hosts_2.local // sibling
            • mongodb.local // duplicate
      • Add new prose tests described in spec

      Follow-Up Requirements

      • File a ticket for the next major version to require that SRVs with 3+ parts MUST only return addresses that are the child of the SRV.
        • Example: the SRV mongodb.co.uk.org has 3+ parts, but could still return evil.co.uk.org if we allow returned address to be siblings of the SRV

            Assignee:
            aditi.khare@mongodb.com Aditi Khare
            Reporter:
            atlas.mongodb.com@yopp.in Alex Yopp
            Neal Beeken Neal Beeken
            Tom Selander Tom Selander
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: