The pfSense Store

Author Topic: RFC 2136 clients wildcard  (Read 2920 times)

0 Members and 1 Guest are viewing this topic.

Offline CharlieB

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
RFC 2136 clients wildcard
« on: September 03, 2013, 02:53:42 pm »
Hi,

bug or feature?  ;)

Quote
Version:
2.1-RC1 (amd64)
built on Tue Sep 3 02:28:04 EDT 2013
FreeBSD 8.3-RELEASE-p10

1.
I've setup some RFC 2136 clients, but when i set the Hostname with a wildcard to something like *.example.com i will get the message:
"The following input errors were detected: The DNS update host name contains invalid characters."

2.
It would be good if i can tick the AAAA RRs update off because I have a sixxs and a he tunnel with fixed ipv6 but the WAN-Update set the dynamic IPv6 from the ISP.

Sorry for my bad English reading is much more easy.

Greets
CharlieB

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21378
  • Karma: +1431/-26
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #1 on: September 03, 2013, 03:02:17 pm »
Wildcards aren't supported there currently.

I'm not sure what it might take to allow that. It could be as simple as allowing * as a character, or it could be much more complex (e.g. only allowed with a zone key, not a host key, or some other logic)

If you edit out the input validation from the page and save it, and it actually works, then let us know and we can just relax the input validation.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline CharlieB

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #2 on: September 03, 2013, 04:08:55 pm »
Thanks for your answer for my first question.

I have changed the line 633 in /etc/inc/util.inc
from:
       
Code: [Select]
if (preg_match('/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain))to:
       
Code: [Select]
if (preg_match('/^(\*\.)?(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain))
And it works, my update run correct, but i down know about side-effects:
The function "is_domain" is used in:

/usr/local/www/vpn_ipsec_phase1.php
/usr/local/www/vpn_ipsec_mobile.php
/usr/local/www/wizards/setup_wizard.xml
/usr/local/www/system.php
/usr/local/www/services_router_advertisements.php
/usr/local/www/services_rfc2136_edit.php
/usr/local/www/services_dyndns_edit.php
/usr/local/www/services_dnsmasq_edit.php
/usr/local/www/services_dnsmasq_domainoverride_edit.php
/usr/local/www/services_dhcpv6.php
/usr/local/www/services_dhcp.php
/usr/local/www/services_captiveportal.php
/usr/local/www/interfaces_ppps_edit.php
/usr/local/www/interfaces.php
/usr/local/www/services_dhcp_edit.php

 :(

Greets
CharlieB

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21378
  • Karma: +1431/-26
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #3 on: September 03, 2013, 04:33:17 pm »
Easy fix though. If it leads with *., chop that off, then feed it to is_domain to check.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline CharlieB

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #4 on: September 05, 2013, 07:19:22 pm »
Hi,

in /usr/local/www/services_rfc2136_edit.php I have changed Line 76 I changed
this:
Code: [Select]
if (($_POST['host'] && !is_domain($_POST['host'])))to:
Code: [Select]
if (($_POST['host'] && !is_domain(trim($_POST['host'], '*.'))))and it works.


Greets
CharlieB

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21378
  • Karma: +1431/-26
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #5 on: September 05, 2013, 07:30:41 pm »
No that would trim incorrectly, it would also accept invalid entries like ".example.com" and "*example.com"

You'd have to test for the substring of the first two chars being *. and if they are there, use the remainder of the string.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline ssheikh

  • Full Member
  • ***
  • Posts: 131
  • Karma: +2/-0
    • View Profile
Re: RFC 2136 clients wildcard
« Reply #6 on: September 05, 2013, 08:21:48 pm »
Hmm... Wouldn't it be better to have a wildcard CNAME and the register the name that CNAME points to using dyndns?

Allowing * in the record to be registered makes the assumption that DNS servers would support it. I think out of the box most DNS servers do not support it.