[SERVER-39008] SRV Records Incorrectly Require Same Domain Created: 15/Jan/19 Updated: 27/Oct/23 Resolved: 23/Jan/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Networking |
| Affects Version/s: | 4.0.5, 4.1.1, 4.1.4 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Oliver Isaac | Assignee: | Eric Sedor |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Operating System: | ALL |
| Steps To Reproduce: | Create a SRV record on a domain that points to entries in a different domain. |
| Participants: |
| Description |
|
When connecting to a domain via SRV record, each host in the SRV record is being checked to see if it is in the same domain as the SRV entry. Thus, if we have a SRV record that returns 3 hosts: _mongodb._tcp.example.org -> host1.domain.com, host2.domai.com, host3.otherdomain.com
Mongo components return an error similar to: "Domain suffix from SRV record not matched input domain" or "Hostname host1.domain.com. is not within the domain example.org".
Code that causes this is here: https://github.com/mongodb/mongo/blob/master/src/mongo/client/mongo_uri.cpp#L428-L432 https://github.com/mongodb/mongo-tools/blob/master/common/connstring/connstring.go#L468-L488
|
| Comments |
| Comment by Eric Sedor [ 17/Jan/19 ] |
|
Hi Oliver, thanks for your patience. At this time, the requirement that all SRV records have the same parent is by design. Unfortunately for security reasons this is not likely to change in the near future. |