Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251
I don't see the behavior you describe, for example I have DKIN records in the format:
"v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
where "..." is the public key split into multiple chunks of arbitraty length to make it more readable in the FreeIPA WebUI (it has a bug where it doesn't line break long text into multiple lines, but it does line breaks on whitespace)
If I dig this record I get exactly the data I entered into the text record box in FreeIPA WebUI. The spaces are left intact in the quoted string. So I don't know how your system behaves as you describe, maybe it's different between versions?
If I enter data without quotes, for example 'v=spf1 mx -all' (without the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's what you're seeing?
On Wed, 26 Jul 2023 08:57:50 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
On Wed, 26 Jul 2023 11:07:17 +0200 Jernej Jakob via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I don't see the behavior you describe, for example I have DKIN records in the format:
"v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
where "..." is the public key split into multiple chunks of arbitraty length to make it more readable in the FreeIPA WebUI (it has a bug where it doesn't line break long text into multiple lines, but it does line breaks on whitespace)
If I dig this record I get exactly the data I entered into the text record box in FreeIPA WebUI. The spaces are left intact in the quoted string. So I don't know how your system behaves as you describe, maybe it's different between versions?
If I enter data without quotes, for example 'v=spf1 mx -all' (without the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's what you're seeing?
On Wed, 26 Jul 2023 08:57:50 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
I forgot to add - FreeIPA VERSION: 4.9.11, API_VERSION: 2.251, I'm managing DNS through WebUI. Perhaps it's different in CLI, maybe you have to specially escape the double quotes so that they don't get removed by the shell? e.g. '"txt record data ..."' or ""data ...""
On 26/07/2023 11:07, Jernej Jakob wrote:
I don't see the behavior you describe, for example I have DKIN records in the format:
"v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
where "..." is the public key split into multiple chunks of arbitraty length to make it more readable in the FreeIPA WebUI (it has a bug where it doesn't line break long text into multiple lines, but it does line breaks on whitespace)
If I dig this record I get exactly the data I entered into the text record box in FreeIPA WebUI. The spaces are left intact in the quoted string. So I don't know how your system behaves as you describe, maybe it's different between versions?
If I enter data without quotes, for example 'v=spf1 mx -all' (without the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's what you're seeing?
On Wed, 26 Jul 2023 08:57:50 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
in/with CLI it seems to be a 'must: ...-txt-rec='v=spf1\ mx\ a\ ip4:aa.bb.cc.dd\ a:mail.dom.mine\ -all' otherwise, without escaping, such record resolves to: "v=spf1" "mx" "a" "ip4:..." ..... as oppose to one string - which was what I expected. So.. it works, there is a way to have it set "correctly" but - if devel reads this - it's somewhat counter-intuitive, the quoting is. thanks, L.
lejeczek via FreeIPA-users wrote:
On 26/07/2023 11:07, Jernej Jakob wrote:
I don't see the behavior you describe, for example I have DKIN records in the format:
"v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
where "..." is the public key split into multiple chunks of arbitraty length to make it more readable in the FreeIPA WebUI (it has a bug where it doesn't line break long text into multiple lines, but it does line breaks on whitespace)
If I dig this record I get exactly the data I entered into the text record box in FreeIPA WebUI. The spaces are left intact in the quoted string. So I don't know how your system behaves as you describe, maybe it's different between versions?
If I enter data without quotes, for example 'v=spf1 mx -all' (without the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's what you're seeing?
On Wed, 26 Jul 2023 08:57:50 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
in/with CLI it seems to be a 'must: ...-txt-rec='v=spf1\ mx\ a\ ip4:aa.bb.cc.dd\ a:mail.dom.mine\ -all' otherwise, without escaping, such record resolves to: "v=spf1" "mx" "a" "ip4:..." ..... as oppose to one string - which was what I expected. So.. it works, there is a way to have it set "correctly" but - if devel reads this - it's somewhat counter-intuitive, the quoting is.
I'm no DNS expert, but I think you need the double quotes around the value. This is also needed with flat files.
You can do this by using wrapping the double-quote in single quotes:
$ ipa -vvv dnsrecord-add example.test test --txt-rec='"v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"' ... $ dig +short -t txt test.example.test. "v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"
rob
On Wed, 26 Jul 2023 10:39:58 -0400 Rob Crittenden via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
lejeczek via FreeIPA-users wrote:
On 26/07/2023 11:07, Jernej Jakob wrote:
I don't see the behavior you describe, for example I have DKIN records in the format:
"v=DKIM1; k=rsa; t=s; " "p=MIIB..." "..."
where "..." is the public key split into multiple chunks of arbitraty length to make it more readable in the FreeIPA WebUI (it has a bug where it doesn't line break long text into multiple lines, but it does line breaks on whitespace)
If I dig this record I get exactly the data I entered into the text record box in FreeIPA WebUI. The spaces are left intact in the quoted string. So I don't know how your system behaves as you describe, maybe it's different between versions?
If I enter data without quotes, for example 'v=spf1 mx -all' (without the single quotes) dig will return "v=spf1" "mx" "-all", maybe that's what you're seeing?
On Wed, 26 Jul 2023 08:57:50 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 24/07/2023 10:13, Jernej Jakob wrote:
On Sun, 23 Jul 2023 14:22:48 +0200 lejeczek via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi guys.
Would you know a correct or best-practice way to add such records. When I look at how those resolve for some(a few a tried) well-know domains - in order to get the same/similar with IPA it seems, that I have to escape some chars, name white-spaces. Is that normal/expected - it did not feel as such to me.
many thanks, L.
Put double quotes around the text. You can also split it into multiple quoted strings separated by whitespace. It will be served as-is.
If the record has text and whitespace that is not quoted, each string separated by whitespace will be quoted separately. After the client concatenates the result the whitespaces will be lost. That's probably what you're experiencing.
That is what I meant - perhaps vaguely enough - that quotes, single or double did not do, I still had to escape white-spaces otherwise each such space did create separate sting - at least _dig_ shows it that way. VERSION: 4.10.1, API_VERSION: 2.251 _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
in/with CLI it seems to be a 'must: ...-txt-rec='v=spf1\ mx\ a\ ip4:aa.bb.cc.dd\ a:mail.dom.mine\ -all' otherwise, without escaping, such record resolves to: "v=spf1" "mx" "a" "ip4:..." ..... as oppose to one string - which was what I expected. So.. it works, there is a way to have it set "correctly" but - if devel reads this - it's somewhat counter-intuitive, the quoting is.
I'm no DNS expert, but I think you need the double quotes around the value. This is also needed with flat files.
You can do this by using wrapping the double-quote in single quotes:
$ ipa -vvv dnsrecord-add example.test test --txt-rec='"v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"' ... $ dig +short -t txt test.example.test. "v=spf1 mx a ip4:aa.bb.cc.dd a:mail.dom.mine -all"
rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Indeed, it seems like BIND takes the value presented to it via bind-dyndb-ldap as a literal replacement of what it would otherwise see in a zone file. FreeIPA doesn't do any "prettying" modification or automatic quoting of a TXT value. I think that's the best way, but might be unintuitive for someone who doesn't expect it and is used to the way other cloud DNS providers do it, which is usually to insert the quotes around the value. So with FreeIPA you have to insert double quotes, like I and Rob pointed out in shell you can single quote the double quoted string and not lose the double quotes. No backslash escaped spaces necessary. Checking behavior with actual queries is always a good idea.
freeipa-users@lists.fedorahosted.org
-
Jernej Jakob -
lejeczek -
Rob Crittenden