Uploaded image for project: 'Drivers'
  1. Drivers
  2. DRIVERS-2922

Allow valid SRV hostnames with less than 3 parts

    • Needed
    • Hide

      Summary of necessary driver changes

      • If an SRV contains 1 or 2 dot separated parts
        • the returned address share the SRV's domain and have an additional domain level
        • i.e. the returned address can only be child of the SRV

      Commits for syncing spec/prose tests and POC

      Show
      Summary of necessary driver changes If an SRV contains 1 or 2 dot separated parts the returned address share the SRV's domain and have an additional domain level i.e. the returned address can only be child of the SRV Commits for syncing spec/prose tests and POC Add new prose tests described in this commit See NODE PoC here
    • $i18n.getText("admin.common.words.hide")
      Key Status/Resolution FixVersion
      CDRIVER-5639 Backlog
      CXX-3075 Backlog
      CSHARP-5200 In Code Review
      GODRIVER-3284 Ready for Work
      JAVA-5542 Done
      NODE-6289 Fixed 6.10.0
      MOTOR-1343 Duplicate
      PYTHON-4575 Ready for Work 4.11
      PHPLIB-1491 Blocked
      RUBY-3519 Backlog
      RUST-2001 Fixed 3.2.0
      $i18n.getText("admin.common.words.show")
      #scriptField, #scriptField *{ border: 1px solid black; } #scriptField{ border-collapse: collapse; } #scriptField td { text-align: center; /* Center-align text in table cells */ } #scriptField td.key { text-align: left; /* Left-align text in the Key column */ } #scriptField a { text-decoration: none; /* Remove underlines from links */ border: none; /* Remove border from links */ } /* Add green background color to cells with FixVersion */ #scriptField td.hasFixVersion { background-color: #00FF00; /* Green color code */ } /* Center-align the first row headers */ #scriptField th { text-align: center; } Key Status/Resolution FixVersion CDRIVER-5639 Backlog CXX-3075 Backlog CSHARP-5200 In Code Review GODRIVER-3284 Ready for Work JAVA-5542 Done NODE-6289 Fixed 6.10.0 MOTOR-1343 Duplicate PYTHON-4575 Ready for Work 4.11 PHPLIB-1491 Blocked RUBY-3519 Backlog RUST-2001 Fixed 3.2.0

      Summary

      We have mongodb cluster deployed in internal network where TXT and SRV records are published for second-level domain service-name.tld.

      This setup works with mongotools and Compass, however any tool that uses Node.js driver will fail with error message:

      Unable to connect: URI must include hostname, domain name, and tld
      

      This is caused by hard-coded check that hostname has 3 parts in src/connection_string.ts#67:

        if (options.srvHost.split('.').length < 3) {
          // TODO(NODE-3484): Replace with MongoConnectionStringError
          throw new MongoAPIError('URI must include hostname, domain name, and tld');
        }
      

      This check is redundant because `dns.promises.resolveTxt` is already capable of handling domain errors with appropriate error codes i.e. `dns.BADNAME`

      Thanks!

      Motivation

      Who is the affected end user?

      • Developers using internally managed service discovery tools that use DNS/SRV and have custom host names

      How does this affect the end user?

      • Developers can't use valid URI to connect to mongodb cluster
      • An error is thrown before DNS SRV resolution is attempted

      How likely is it that this problem or use case will occur?

      • Main path, every MongoClient usage throws this error

      If the problem does occur, what are the consequences and how severe are they?

      • Unable to connect

      Is this issue urgent?

      TBD

      Is this ticket required by a downstream team?

      • No, external request

      Is this ticket only for tests?

      • No, functional change

      Acceptance Criteria

      The MongoClient MUST enforce the following:

      • If an SRV contains >= 3 '.' separated parts (no change to existing behavior)
        • the returned address MUST end with all parts of the SRV except the leftmost segment
        • i.e. the returned address can only be a child, sibling, or duplicate of the SRV 
        • Example: mongodb+srv://cluster_1.mongodb.com
          • valid return addresses:
            • hosts_2.mongodb.com // sibling
            • hosts_3.cluster_1.mongodb.com // child
            • mongodb.com // duplicate
          • invalid return address: clusters.fakedb.com
      • If an SRV contains 1 or 2 dot separated parts
        • the returned address MUST end with all parts of the SRV and have an additional domain level
        • i.e. the returned address can only be child of the SRV
        • Example: `mongodb+srv://mongodb.local`
          • valid return addresses:
            • cluster_1.mongodb.local // child
          • invalid return address:
            • hosts_2.local // sibling
            • mongodb.local // duplicate
      • Add new prose tests described in spec

      Follow-Up Requirements

      • File a ticket for the next major version to require that SRVs with 3+ parts MUST only return addresses that are the child of the SRV.
        • Example: the SRV mongodb.co.uk.org has 3+ parts, but could still return evil.co.uk.org if we allow returned address to be siblings of the SRV

            Assignee:
            aditi.khare@mongodb.com Aditi Khare
            Reporter:
            atlas.mongodb.com@yopp.in Alex Yopp
            Neal Beeken Neal Beeken
            Tom Selander Tom Selander
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated: