[CDRIVER-3043] valid_hostname() should not rejects strings with trailing dots Created: 26/Mar/19 Updated: 28/Oct/23 Resolved: 16/Jan/20 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | libmongoc, uri |
| Affects Version/s: | 1.9.0 |
| Fix Version/s: | 1.16.0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Jeremy Mikola | Assignee: | Jeremy Mikola |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | neweng | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Description |
|
valid_hostname() rejects strings that start or end with a dot. This method was introduced in a625b39 for
Between this and the grammar definitions in Collected ABNF for URI, it looks like a trailing dot is permitted in a valid host string. I'm not sure if libmongoc is alone in disallowing trailing dots in its valid_hostname() function, which is used for general URI parsing and DNS seedlist discovery (SRV). The structure of a hostname not explicitly addressed in the SRV or Connection String specs, but Connection String: Host does reference RFC3986 as the authority on host strings. |
| Comments |
| Comment by Githook User [ 16/Jan/20 ] |
|
Author: {'name': 'Jeremy Mikola', 'username': 'jmikola', 'email': 'jmikola@gmail.com'}Message: |
| Comment by Jeremy Mikola [ 27/Mar/19 ] |
|
In this comment in mongodb/mongo-php-driver#968, I realize the significance of a trailing dot in a host name to indicate the "root of the DNS tree" and prevent a resolver from appending a system default domain name. The user in question was applying a trailing dot in their connection string to utilize Consul DNS on Kubernetes, but libmongoc rejected an SRV result for not including the same trailing dot. Noting the use of trialing dots for this purpose, I'm curious if validate_srv_result() would be justified in allowing an optional trailing dot in the original service string and ignoring it for the purposes of suffix matching. Alternatively, I'm curious if there is a fault or risk in our existing suffix matching because we may be doing these comparisons before a DNS server might append its own suffix during resolution. |