mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

PTR should handle "Classless in-addr.arpa delegation" RFC2317 (#149)

Browse Source 
* Handle IPv4 "Classless in-addr.arpa delegation" RFC2317 (partial).
* Validate PTR name when in RFC2317 "Classless in-addr.arpa delegation" domains.
* Update docs
* Set CanUsePTR for Route53 and Google CloudDNS.
* BIND: Replace "/" with "_" in filenames.
This commit is contained in:
Tom Limoncelli
2017-07-10 19:24:55 -04:00
committed by GitHub
parent 9e66402e0b
commit e563c53658
9 changed files with 203 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
docs/_functions/domain/PTR.md
View File

@ -8,13 +8,54 @@ parameters:
PTR adds a PTR record to the domain.
The name should be the relative label for the domain, or may be a FQDN that ends with `.`.
* If the name is a valid IP address, DNSControl will *magically* replace it with a string that is appropriate for the domain. That is, if the domain ends with `in-addr.arpa` it will generate the IPv4-style reverse name; if the domain ends with `ipv6.arpa` it will generate the IPv6-style reverse name. DNSControl will truncate it as appropriate for the netmask.
* If the name ends with `in-addr.arpa.` or `ipv6.arpa.` (not the `.` at the end), DNSControl will truncate it as appropriate for the domain. If the FQDN does not fit within the domain, this will raise an error.
The name is normally a the relative label for the domain, or a FQDN that ends with `.`. If magic mode is enabled (see below) it can also be an IP address, which will be replaced by the proper string automatically, thus
saving the user from having to reverse the IP address manually.
Target should be a string representing the FQDN of a host. Like all FQDNs in DNSControl, it must end with a `.`.
**Magic Mode:**
PTR records are complex and typos are common. Therefore DNSControl
enables features to save labor and
prevent typos. This magic is only
enabled when the domain ends with `in-addr.arpa.` or `ipv6.arpa.`.
*Automatic IP-to-reverse:* If the name is a valid IP address, DNSControl will replace it with
a string that is appropriate for the domain. That is, if the domain
ends with `in-addr.arpa` (no `.`) and name is a valid IPv4 address, the name
will be replaced with the correct string to make a reverse lookup for that address.
IPv6 is properly handled too.
*Extra Validation:* DNSControl considers it an error to include a name that
is inappropriate for the domain. For example
`PTR('1.2.3.4', 'f.co.')` is valid for the domain `D("3.2.1.in-addr.arpa',`
but DNSControl will generate an error if the domain is `D("9.9.9.in-addr.arpa',`.
This is because `1.2.3.4` is contained in `1.2.3.0/24` but not `9.9.9.0/24`.
This validation works for IPv6, IPv4, and
RFC2317 "Classless in-addr.arpa delegation" domains.
*Automatic truncation:* DNSControl will automatically truncate FQDNs
as needed.
If the name is a FQDN ending with `.`, DNSControl will verify that the
name is contained within the CIDR block implied by domain. For example
if name is `4.3.2.1.in-addr.arpa.` (note the trailing `.`)
and the domain is `2.1.in-addr.arpa` (no trailing `.`)
then the name will be replaced with `4.3`. Note that the output
of `REV('1.2.3.4')` is `4.3.2.1.in-addr.arpa.`, which means the following
are all equivalent:
* `PTR(REV('1.2.3.4'), `
* `PTR('4.3.2.1.in-addr.arpa.'), `
* `PTR('4.3',` // Assuming the domain is `2.1.in-addr.arpa`
All magic is RFC2317-aware. We use the first format listed in the
RFC for both `REV()` and `PTR()`. The format is
`FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
and A, B, C are the first 3 octets of the IP address. For example
`172.20.18.130/27` is located in a zone named
`128/27.18.20.172.in-addr.arpa`
{% include startExample.html %}
{% highlight js %}
D(REV('1.2.3.0/24'), REGISTRAR, DnsProvider(BIND),
@ -25,6 +66,10 @@ D(REV('1.2.3.0/24'), REGISTRAR, DnsProvider(BIND),
PTR('1.2.3.10', 'ten.example.com.'), // '10'
);
D(REV('9.9.9.128/25'), REGISTRAR, DnsProvider(BIND),
PTR('9.9.9.129', 'first.example.com.'),
);
D(REV('2001:db8:302::/48'), REGISTRAR, DnsProvider(BIND),
PTR('1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0', 'foo.example.com.'), // 2001:db8:302::1
// If the first parameter is a valid IP address, DNSControl will generate the correct name: