On Wed, 26 Jul 2023 10:39:58 -0400
Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
wrote:

> lejeczek via FreeIPA-users wrote:
> > 
> > 
> > On 26/07/2023 11:07, Jernej Jakob wrote:  
> >> I don't see the behavior you describe, for example I have DKIM records
> >> in the format:
> >>
> >> "v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
> >>
> >> where "..." is the public key split into multiple chunks of
> >> arbitrary length to make it more readable in the FreeIPA WebUI (it has a
> >> bug where it doesn't line break long text into multiple lines, but it
> >> does line breaks on whitespace)
> >>
> >> If I dig this record I get exactly the data I entered into the text
> >> record box in FreeIPA WebUI. The spaces are left intact in the quoted
> >> string. So I don't know how your system behaves as you describe, maybe
> >> it's different between versions?
> >>
> >> If I enter data without quotes, for example 'v=spf1 mx -all' (without
> >> the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's
> >> what you're seeing?
> >>
> >> On Wed, 26 Jul 2023 08:57:50 +0200
> >> lejeczek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
> >>  
> >>> On 24/07/2023 10:13, Jernej Jakob wrote:  
> >>>> On Sun, 23 Jul 2023 14:22:48 +0200
> >>>> lejeczek via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
> >>>> wrote:
> >>>>    
> >>>>> Hi guys.
> >>>>>
> >>>>> Would you know a correct or best-practice way to add such
> >>>>> records.
> >>>>> When I look at how those resolve for some (a few I tried)
> >>>>> well-known domains - in order to get the same/similar with
> >>>>> IPA it seems, that I have to escape some chars, namely
> >>>>> white-spaces.
> >>>>> Is that normal/expected - it did not feel as such to me.
> >>>>>
> >>>>> many thanks, L.  
> >>>> Put double quotes around the text. You can also split it into multiple
> >>>> quoted strings separated by whitespace. It will be served as-is.
> >>>>
> >>>> If the record has text and whitespace that is not quoted, each string
> >>>> separated by whitespace will be quoted separately. After the client
> >>>> concatenates the result the whitespaces will be lost. That's probably
> >>>> what you're experiencing.
> >>>>
> >>>> https://kb.isc.org/docs/aa-00356  
> >>> That is what I meant - perhaps vaguely enough - that quotes,
> >>> single or double did not do, I still had to escape
> >>> white-spaces otherwise each such space did create separate
> >>> string - at least _dig_ shows it that way.
> >>> VERSION: 4.10.1, API_VERSION: 2.251
> >>> _______________________________________________
> >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> >>> To unsubscribe send an email to
> >>> freeipa-users-le...@lists.fedorahosted.org
> >>> Fedora Code of Conduct:
> >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> >>> List Archives:
> >>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> >>>
> >>> Do not reply to spam, report it:
> >>> https://pagure.io/fedora-infrastructure/new_issue  
> > in/with CLI it seems to be a 'must':
> > ...-txt-rec='v=spf1\ mx\ a\ ip4:aa.bb.cc.dd\ a:mail.dom.mine\ -all'
> > otherwise, without escaping, such record resolves to:
> > "v=spf1" "mx" "a" "ip4:..." .....
> > as opposed to one string - which was what I expected.
> > So.. it works, there is a way to have it set "correctly" but - if devel
> > reads this - it's somewhat counter-intuitive, the quoting is.  
> 
> I'm no DNS expert, but I think you need the double quotes around the
> value. This is also needed with flat files.
> 
> You can do this by wrapping the double quotes in single quotes:
> 
> $ ipa -vvv dnsrecord-add example.test test --txt-rec='"v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"'
> ...
> $ dig +short -t txt test.example.test.
> "v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"
> 
> rob

Indeed, it seems like BIND takes the value presented to it via
bind-dyndb-ldap as a literal replacement of what it would otherwise see
in a zone file. FreeIPA doesn't do any "prettying" modification or
automatic quoting of a TXT value. I think that's the best way, but
might be unintuitive for someone who doesn't expect it and is used to
the way other cloud DNS providers do it, which is usually to insert the
quotes around the value. So with FreeIPA you have to insert double
quotes; as Rob and I pointed out, in the shell you can single-quote the
double-quoted string and not lose the double quotes. No backslash
escaped spaces necessary. Checking behavior with actual queries is
always a good idea.

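The quoting behaviour discussed in this thread, as an added example that is not part of any poster's message and not FreeIPA or BIND code: a simplified Python model of zone-file TXT tokenization, showing the single string an SPF or DKIM verifier ends up with once it concatenates the character-strings without adding separators. The function names are hypothetical and the sample values are constructed.

```python
# Added illustration (simplified model, not BIND's parser): split a zone-file
# style TXT value into character-strings, then join them as a verifier would.

def txt_character_strings(rdata: str) -> list[str]:
    """Double-quoted runs keep their spaces; unquoted whitespace ends a
    string; a backslash makes the next character literal."""
    strings, current, in_quotes, started = [], [], False, False
    chars = iter(rdata)
    for ch in chars:
        if ch == "\\":                      # escape: next char taken literally
            current.append(next(chars, ""))
            started = True
        elif ch == '"':                     # enter or leave quoted mode
            in_quotes = not in_quotes
            started = True                  # "" is a valid empty string
        elif ch.isspace() and not in_quotes:
            if started:                     # unquoted whitespace ends a string
                strings.append("".join(current))
            current, started = [], False
        else:
            current.append(ch)
            started = True
    if in_quotes:
        raise ValueError("unterminated double quote in TXT value")
    if started:
        strings.append("".join(current))
    return strings


def as_seen_by_verifier(rdata: str) -> str:
    """SPF/DKIM verifiers concatenate the strings with no separator added."""
    return "".join(txt_character_strings(rdata))


def dig_style(rdata: str) -> str:
    """Render the strings roughly the way `dig +short` prints them."""
    parts = txt_character_strings(rdata)
    return " ".join('"%s"' % p.replace('"', '\\"') for p in parts)


if __name__ == "__main__":
    samples = (                                    # constructed sample values
        'v=spf1 mx -all',                          # unquoted: three strings
        '"v=spf1 mx -all"',                        # double-quoted: one string
        'v=spf1\\ mx\\ -all',                      # backslash-escaped spaces
        '"v=DKIM1; k=rsa; t=s; " "p=MIIB" "AAAA"', # split key, placeholder data
    )
    for value in samples:
        print(f"{value!r} -> {dig_style(value)} => {as_seen_by_verifier(value)!r}")
```

The unquoted SPF value collapses to `v=spf1mx-all` after concatenation, which no longer parses as the intended policy, while the split DKIM value is safe because the only space that matters sits inside a quoted chunk.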