NicTool icon indicating copy to clipboard operation
NicTool copied to clipboard
verified publisher icon NicTool

Importer and UI reports false duplicates

Open gerhard-tinned opened this issue 4 years ago • 2 comments

NicTool version

2.34

perl version

This is perl 5, version 28, subversion 1 (v5.28.1) built for x86_64-linux-gnu-thread-multi

OS version

Debian 10.8 in podman container MariaDB 10.3

Steps to reproduce

A zone that was imported contained the following records shown by the following example. Lets call the zone "domain.tld" in this example.

somename                IN      TXT     "Test text record"
somename.domain.tld     IN      TXT     "Test text record"

Observed behavior

It seems the nictool server (or api) validation considers those two records duplicates. One might argue that this is a rear case that the second record is realy needed. Technically it is still not a duplicate. A namserver would resolve those two names as two separate names. As both do not have the trailing dot, both are considered relative names inside the zone.

somename.domain.tld.
somename.domain.tld.domain.tld.

The issue also exists in the UI. The reported error reads like this.

Sanity Error 
Duplicate Resource Records are not allowed: RFC 2181

Expected behavior

It could be argued that the second record is a typo but it can not be sad that it is a duplicate. Technically they are not equal. If this is a precaution to avoid possibly unwanted entries in a zone, this featuire should be configurable.

gerhard-tinned avatar Mar 24 '21 17:03 gerhard-tinned

It could be argued that the second record is a typo but it can not be sad that it is a duplicate. Technically they are not equal.

Aye, true enough.

If this is a precaution to avoid possibly unwanted entries in a zone, this feature should be configurable.

They are almost certainly unwanted entries, and it often confuses humans who create such records and then can't figure out why their DNS record doesn't resolve. Also, duplicate records will cause some picky nameservers to reject loading a zone. NicTool is designed to avoid human induced errors in zones, therefore we don't allow users to add records that can cause their DNS to fail. Unless there's compelling reasons not to, we adhere tightly to the DNS RFCs.

msimerson avatar Mar 24 '21 17:03 msimerson

Unless there's compelling reasons not to, we adhere tightly to the DNS RFCs.

From that point of view the validation would not work correctly. But I agree, this specific behavior made us realize as well that we have some unwanted entries in our bind zone files.

gerhard-tinned avatar Mar 25 '21 07:03 gerhard-tinned