[systemd-devel] [PATCH] network: allow domain names up to 255 characters
Lennart Poettering
lennart at poettering.net
Sun Apr 12 09:37:16 PDT 2015
On Sun, 12.04.15 09:21, Nick Owens (mischief at offblast.org) wrote:
> On Sun, Apr 12, 2015 at 6:35 AM, Lennart Poettering
> <lennart at poettering.net> wrote:
> > On Fri, 10.04.15 13:03, Nick Owens (mischief at offblast.org) wrote:
> >
> >> From: mischief <mischief at offblast.org>
> >>
> >> The maximum domain name size is larger than the maximum host name size.
> >> The smaller limit causes valid domains provided by DHCP or .network
> >> files to be silently ignored.
> >
> > Hmm?
> >
> > Can you give an example?
>
> if you set the Domains key in the [Network] section of a
> systemd.network file to a domain longer than a label, then it will be
> ignored. the same is true if your DHCP server sends a domain in option
> 15 (domain name) that is longer than a label. it will be ignored too.
> both of these code paths call 'hostname_is_valid', which will fail if
> passed something larger than a label, which a domain name can be.
"longer than a label"? What do you mean by that? The function should
perfectly consider multi-label names valid? Are you saying you cannot
set the domain name "foo.bar."?
Hmm, so the DHCP spec explicitly declares that options 15 and 12 are
about the DNS hostname, where RFC 1035 is normative. Our function
hostname_is_valid() currently does not validate host names according
to RFC 1035, but is in some way stricter (by enforcing Linux' own semantics
on the length, and by limiting the charset drastically) and in other
ways less strict (by not enforce label length.)
I am pretty sure we should leave hostname_is_valid() the way it is, to
be used when setting local hostnames and things like that. However,
the DHCP code should really validate according to RFC 1035 instead,
since that's what the spec says...
Implementation-wise this probably means we should move
src/resolve/resolved-dns-domain.[ch] into src/shared/dns-domain.[ch]
and then add a call there that works similar to dns_name_normalize()
but doesn't actually normalize, but simply validates.
Hope that makes sense?
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list