[DOCS-12574] Clarify required host/domain format for mongodb+srv connection strings Created: 26/Mar/19  Updated: 30/Oct/23  Resolved: 06/Jun/23

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Task Priority: Critical - P2
Reporter: Jeremy Mikola Assignee: Joseph Dougherty
Resolution: Fixed Votes: 0
Labels: reopened, triage
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to DRIVERS-2123 Add justification for host/domain req... Backlog
Participants:
Days since reply: 1 year, 14 weeks, 2 days ago
Story Points: 0.1

Description

A user in mongodb/mongo-php-driver#968 encountered an exception attempting to use a hostname with fewer than two dots (e.g. "mongo" instead of "mongo.example.com") in conjunction with a mongodb+srv connection string scheme.

I was attempting to dig up documentation about the required format of the SRV host/domain string but was unable to find anything across the following:

AFAIK, the only place we explicitly mention this requirement is in the driver specification.

Is this worth addressing in the MongoDB manual around existing SRV examples?

Scope of changes

  • Update section to specify that the hostname *must* be <hostname>.<domain>.<TLD>. You cannot specify the hostname alone.
  • Update section to specify that the individual SRV records must be in _mongodb._tcp.<hostname>.<domainname>.<TLD> format
  • Backport to 3.6

 



 Comments   
Comment by Jeremy Mikola [ 01/Nov/22 ]

The changes in Ravind's last scope update still seem applicable to https://www.mongodb.com/docs/manual/reference/connection-string/#std-label-connections-dns-seedlist

Comment by Education Bot [ 31/Oct/22 ]

Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!

Comment by Jeremy Mikola [ 26/Mar/19 ]

ravind.kumar: Perhaps a bit further down:

A driver MUST verify that in addition to the {hostname}, the {domainname} consists of at least two parts: the domain name, and a TLD. Drivers MUST raise an error and MUST NOT contact the DNS server to obtain SRV (or TXT records) if the full URI does not consist of at least three parts.

david.golden clarified in Slack that the two (or more) dot requirement is likely something MongoDB is enforcing and not part of the SRV specification itself:

IIRC, the number of dots requirement was a security-related issue, to try to guarantee subdomains. So that "good.com" SRV record can't return "db1.evil.com".

We do have a suffix check, but we want to enforce that the suffix is "long enough" and we didn't want to have drivers use a TLD registry.

That might explain why I didn't find any mention of this in the RFC. Assuming the security motivations are correct, I think we (drivers) would do well to document this in our spec's Justifications. I'll make a separate ticket for that.
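
The two checks discussed in this comment (the three-part host requirement and the suffix check on returned SRV targets) can be sketched as follows. This is an added example, not code from the ticket or from any MongoDB driver; the function names are hypothetical, the sample targets are constructed, and treating everything after the first label as {domainname} is an assumption drawn from the quoted spec text.

```python
# Added illustration; not taken from any MongoDB driver.

def split_srv_host(host):
    """Split a mongodb+srv host into ({hostname}, {domainname}).

    Raises ValueError when there are fewer than three parts, so the caller
    can fail before any SRV or TXT query is sent.
    """
    labels = host.rstrip(".").lower().split(".")
    if len(labels) < 3 or "" in labels:
        raise ValueError(
            "%r must have the form {hostname}.{domainname}.{TLD}" % host)
    return labels[0], ".".join(labels[1:])


def srv_target_allowed(host, target):
    """Suffix check: is `target` a host under the {domainname} of `host`?"""
    _, domainname = split_srv_host(host)
    want = domainname.split(".")
    got = target.rstrip(".").lower().split(".")
    # Compare whole labels, not characters: a plain endswith("good.com")
    # would also accept "db1.notgood.com".
    # Assumption: the bare domain itself is not an acceptable target.
    return len(got) > len(want) and got[-len(want):] == want


def filter_srv_targets(host, targets):
    """Partition SRV targets into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for t in targets:
        (accepted if srv_target_allowed(host, t) else rejected).append(t)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample data, not real DNS answers.
    answers = ["db1.good.com.", "db2.good.com", "db1.evil.com", "db1.notgood.com"]
    print(filter_srv_targets("cluster0.good.com", answers))
    # With only two parts, {domainname} would be just "com", a suffix that
    # "db1.evil.com" satisfies; the three-part rule rejects the host first.
    for bad in ("mongo", "good.com"):
        try:
            split_srv_host(bad)
        except ValueError as exc:
            print("rejected:", exc)
```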

Comment by Ravind Kumar (Inactive) [ 26/Mar/19 ]

jmikola are you referencing this line?

 

In this preprocessing step, the driver will query the DNS server for SRV records on {hostname}.{domainname}, prefixed with _mongodb._tcp.:

_mongodb._tcp.{hostname}.{domainname}

 

Which is to say, we should be explicit that we specifically look for _mongodb._tcp.<hostname>.<domain>, not just <hostname>.<domain>.
