[SERVER-39008] SRV Records Incorrectly Require Same Domain Created: 15/Jan/19  Updated: 27/Oct/23  Resolved: 23/Jan/19

Status: Closed
Project: Core Server
Component/s: Networking
Affects Version/s: 4.0.5, 4.1.1, 4.1.4
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Oliver Isaac Assignee: Eric Sedor
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Steps To Reproduce:

Create a SRV record on a domain that points to entries in a different domain.

Participants:

 Description   

When connecting to a domain via SRV record, each host in the SRV record is being checked to see if it is in the same domain as the SRV entry.

Thus, if we have a SRV record that returns 3 hosts:

_mongodb._tcp.example.org -> host1.domain.com, host2.domai.com, host3.otherdomain.com

 

Mongo components return an error similar to: "Domain suffix from SRV record not matched input domain" or "Hostname host1.domain.com. is not within the domain example.org".

 

Code that causes this is here: https://github.com/mongodb/mongo/blob/master/src/mongo/client/mongo_uri.cpp#L428-L432

https://github.com/mongodb/mongo-tools/blob/master/common/connstring/connstring.go#L468-L488

 



 Comments   
Comment by Eric Sedor [ 17/Jan/19 ]

Hi Oliver, thanks for your patience. At this time, the requirement that all SRV records have the same parent is by design. Unfortunately for security reasons this is not likely to change in the near future.

Generated at Thu Feb 08 04:50:44 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.