Skip to content

fix: Update CNAME validation logic when creating DNS resource records

Zachary Seguin requested to merge va3zts/44net-portal:fix-cname-validation into main

This corrects the CNAME validation logic when attempting to add resource records to domains and subdomains.

  • Ensures the conflict check applies only to the domain where the record is being added
  • Looks for conflicts ONLY for the exact hostname match, to be compliant with RFC 1034 and RFC 2181

Impact and risks

Low: This is a non-breaking change that adds functionality in a backwards-compatible manner.

Changes

  • Updates CNAME conflict validation logic when creating resource records

Deployment

  • Database migrations: No
  • Configuration changes: No
  • Other dependencies: No

Testing notes

Attempt to create DNS records, specifically:

  1. Create A, AAA and TXT records at test.abc123 in the ampr.org. They should all succeed
  2. Attempt to create a CNAME at test.abc123. It should be blocked.
  3. Create a CNAME at ctest.abc123
  4. Attempt to create other record types at the same hostname (ctest.abc123). They should be blocked.
  5. Create a TXT at _acme-challenge.ctest.abc123. It should be allowed.
  6. Create an A record at test.test.abc123 (assuming the test.abc123 A record still exists). It should succeed.

Checklist

  • Tested locally
  • Updated documentation as needed
  • Linked to issue if applicable
Edited by Zachary Seguin

Merge request reports

Service provided by ARDC - www.ardc.net