[CDRIVER-3043] valid_hostname() should not rejects strings with trailing dots Created: 26/Mar/19  Updated: 28/Oct/23  Resolved: 16/Jan/20

Status: Closed
Project: C Driver
Component/s: libmongoc, uri
Affects Version/s: 1.9.0
Fix Version/s: 1.16.0

Type: Bug Priority: Minor - P4
Reporter: Jeremy Mikola Assignee: Jeremy Mikola
Resolution: Fixed Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DRIVERS-2057 Determine how drivers should handle t... Backlog
related to DRIVERS-2087 Test parsing of hosts with trailing dots Backlog
is related to SERVER-31965 Mongo Shell does not handle FQDN from... Closed
is related to CDRIVER-2257 Initial DNS Seedlist discovery Closed

 Description   

valid_hostname() rejects strings that start or end with a dot. This method was introduced in a625b39 for CDRIVER-2257. As discussed in mongodb/mongo-php-driver#968, section 3.2.2 of RFC3986 states:

Such a name consists of a sequence of domain labels separated by ".", each domain label starting and ending with an alphanumeric character and possibly also containing "-" characters. The rightmost domain label of a fully qualified domain name in DNS may be followed by a single "." and should be if it is necessary to distinguish between the complete domain name and some local domain.

Between this and the grammar definitions in Collected ABNF for URI, it looks like a trailing dot is permitted in a valid host string. I'm not sure if libmongoc is alone in disallowing trailing dots in its valid_hostname() function, which is used for general URI parsing and DNS seedlist discovery (SRV).

The structure of a hostname not explicitly addressed in the SRV or Connection String specs, but Connection String: Host does reference RFC3986 as the authority on host strings.



 Comments   
Comment by Githook User [ 16/Jan/20 ]

Author:

{'name': 'Jeremy Mikola', 'username': 'jmikola', 'email': 'jmikola@gmail.com'}

Message: CDRIVER-3043 allow trailing dot in SRV service
Branch: master
https://github.com/mongodb/mongo-c-driver/commit/c9e7c8158d21d3975bfda7273e6c40855035ae76

Comment by Jeremy Mikola [ 27/Mar/19 ]

In this comment in mongodb/mongo-php-driver#968, I realize the significance of a trailing dot in a host name to indicate the "root of the DNS tree" and prevent a resolver from appending a system default domain name. The user in question was applying a trailing dot in their connection string to utilize Consul DNS on Kubernetes, but libmongoc rejected an SRV result for not including the same trailing dot.

Noting the use of trialing dots for this purpose, I'm curious if validate_srv_result() would be justified in allowing an optional trailing dot in the original service string and ignoring it for the purposes of suffix matching. Alternatively, I'm curious if there is a fault or risk in our existing suffix matching because we may be doing these comparisons before a DNS server might append its own suffix during resolution.

Generated at Wed Feb 07 21:17:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.