RFC 2136 clients wildcard

  • Hi,

    bug or feature?  ;)

    2.1-RC1 (amd64)
    built on Tue Sep 3 02:28:04 EDT 2013
    FreeBSD 8.3-RELEASE-p10

    I've set up some RFC 2136 clients, but when I set the Hostname with a wildcard to something like *.example.com I get the message:
    "The following input errors were detected: The DNS update host name contains invalid characters."

    It would be good if I could tick the AAAA RR update off, because I have a SixXS and a HE tunnel with fixed IPv6, but the WAN update sets the dynamic IPv6 from the ISP.

    Sorry for my bad English; reading is much easier.


  • Rebel Alliance Developer Netgate

    Wildcards aren't supported there currently.

    I'm not sure what it might take to allow that. It could be as simple as allowing * as a character, or it could be much more complex (e.g. only allowed with a zone key, not a host key, or some other logic)

    If you edit out the input validation from the page and save it, and it actually works, then let us know and we can just relax the input validation.

  • Thanks for your answer for my first question.

    I have changed line 633 in /etc/inc/util.inc from

    if (preg_match('/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain))

    to

    if (preg_match('/^(\*\.)?(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i', $domain))

    And it works, my update runs correctly, but I don't know about side effects:
    The function "is_domain" is used in:




  • Rebel Alliance Developer Netgate

    Easy fix though. If it leads with *., chop that off, then feed it to is_domain to check.

  • Hi,

    In /usr/local/www/services_rfc2136_edit.php, on line 76, I changed

    if (($_POST['host'] && !is_domain($_POST['host'])))

    to

    if (($_POST['host'] && !is_domain(trim($_POST['host'], '*.'))))

    and it works.


  • Rebel Alliance Developer Netgate

    No, that would trim incorrectly; it would also accept invalid entries like ".example.com" and "*example.com"

    You'd have to test for the substring of the first two chars being *. and if they are there, use the remainder of the string.
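
The substring check described in the reply above, as an added example that is not part of the thread or of pfSense's code: `is_domain_strict()` reuses the pattern quoted earlier for `is_domain`, the function names are hypothetical, and the inputs are constructed. It runs the `trim()` variant beside the prefix check to show which malformed names each one accepts.

```php
<?php
// Added example, not pfSense code. is_domain_strict() reuses the pattern
// quoted in the thread for is_domain(); all function names are hypothetical.

function is_domain_strict($domain) {
    // substr() can return false on older PHP versions, so reject non-strings.
    if (!is_string($domain)) {
        return false;
    }
    return preg_match(
        '/^(?:(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*(?:[a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$/i',
        $domain
    ) === 1;
}

// Accept a plain domain, or exactly one leading "*." followed by a valid domain.
function is_rfc2136_host($host) {
    if (!is_string($host) || $host === '') {
        return false;
    }
    if (substr($host, 0, 2) === '*.') {
        $host = substr($host, 2);   // validate only the remainder
    }
    return is_domain_strict($host);
}

// The variant rejected in the thread: trim() treats '*.' as a set of
// characters and strips any run of them from both ends of the string.
function is_rfc2136_host_trim($host) {
    return is_domain_strict(trim($host, '*.'));
}

// Constructed inputs: two valid names, then malformed ones.
$cases = array('host.example.com', '*.example.com', '.example.com',
    '*example.com', '**.example.com', '*.*.example.com', 'example.com.*', '*.');

foreach ($cases as $c) {
    printf("%-18s prefix-check=%-5s trim=%s\n", $c,
        var_export(is_rfc2136_host($c), true),
        var_export(is_rfc2136_host_trim($c), true));
}
```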

    Hmm… Wouldn't it be better to have a wildcard CNAME and then register the name that CNAME points to using dyndns?

    Allowing * in the record to be registered makes the assumption that DNS servers would support it. I think out of the box most DNS servers do not support it.
