What are the valid characters for a DNS zone file, and how do I sanitize user input?
I'm working on an interface to allow our clients to update their DNS on their own.
I have 2 questions:
- What constitutes valid host and target records? (A, CNAME, MX, TXT) i.e. if the user enters ........ for the host and target the DNS server won't like that.
- Is there a regex I can use to sanitize user input?
BTW it is BIND9 DNS and C# web app.
Thanks,
Kyle
Comments (4)
Domain name labels can technically contain any octet value, but usually they only contain alphanumerics and the hyphen and underscore characters.
This comes from recommendations in section 2.3.1 of RFC 1035:
The underscore character is a more recent addition, typically used in the label portion of SRV records.
You could also permit the "." character if you're going to let users create their own subdomains.
The values that are possible are:
- A record - must be a dotted-quad IP address
- CNAME record - must be some other legal label
- MX record - 16-bit integer priority field, and a legal hostname. NB: some people put in labels which themselves point only to a CNAME record. This is frowned upon.
- TXT record - anything you like!
Note that in every case, if you do allow any of the characters not in the normal set they would need to be escaped if they're being stored in a BIND format zone file.
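The checks described in this answer, as an added example that is not part of the original post: allowlist validation of the host and of A, CNAME, MX and TXT values, plus escaping of TXT data before it is written to a BIND zone file. The function names and sample values are assumptions made for illustration, the length limits (63 per label, 253 per name, 255 octets per TXT string) come from RFC 1035, and Python is used here rather than the asker's C#.

```python
import ipaddress
import re

# One label: 1-63 characters from the usual set (letters, digits, hyphen,
# underscore), not starting or ending with a hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9_-]{1,63}(?<!-)")

def valid_name(name: str) -> bool:
    """Dotted name of LABELs, at most 253 characters, optional trailing dot."""
    name = name[:-1] if name.endswith(".") else name
    if not name or len(name) > 253:
        return False
    # fullmatch, not match with "$": "$" would accept a trailing newline.
    return all(LABEL.fullmatch(label) for label in name.split("."))

def quote_txt(text: str) -> str:
    """Quote TXT data for a zone file, escaping anything that could end it."""
    data = text.encode("utf-8")
    if len(data) > 255:
        raise ValueError("one TXT string holds at most 255 octets")
    out = []
    for b in data:
        if b in (0x22, 0x5C):        # '"' and '\' take a backslash
            out.append("\\" + chr(b))
        elif 0x20 <= b <= 0x7E:      # other printable ASCII is literal
            out.append(chr(b))
        else:                        # newline, controls, non-ASCII: \DDD
            out.append("\\%03d" % b)
    return '"' + "".join(out) + '"'

def rdata(rtype: str, value: str) -> str:
    """Validate value for rtype; return the text that follows the type."""
    if rtype == "A":
        return str(ipaddress.IPv4Address(value))  # ValueError if malformed
    if rtype == "CNAME" and valid_name(value):
        return value
    if rtype == "MX":
        prio, _, host = value.partition(" ")
        if re.fullmatch(r"[0-9]{1,5}", prio) and int(prio) <= 65535 \
                and valid_name(host):
            return f"{int(prio)} {host}"
    if rtype == "TXT":
        return quote_txt(value)
    raise ValueError(f"invalid {rtype} value")

def zone_line(host: str, rtype: str, value: str) -> str:
    """Build one record line; host is a constructed name for this example."""
    if not valid_name(host):
        raise ValueError("invalid host")
    return f"{host} IN {rtype} {rdata(rtype, value)}"
```

Names written without a trailing dot are relative to the zone's $ORIGIN when BIND loads the file, so decide whether users enter relative or fully qualified targets and normalise accordingly.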
The answer used to be easy, but not anymore.
You can use almost any Unicode characters, but they should go through a normalization and encoding process.
See RFC 3490 (IDNA), RFC 3454 (Stringprep), RFC 3491 (Nameprep), RFC 3492 (Punycode)
Or go with Wikipedia for the big picture (http://en.wikipedia.org/wiki/Internationalized_domain_name).
Do not forget AAAA, the IPv6 addresses (remember, only two years left before we run out of IPv4 addresses...).
For the legal names, read RFC 1123, section 2.1. Domain names can be anything; host names have a much stricter syntax (see RFC 1123).
Apart from the suggestions above, if anyone still faces issues with importing zone files from GoDaddy to Route 53, remove the comments. It took me a few hours to figure out that comments written as
;comment line here
were causing the Route 53 system to not parse the zone file properly.