dnscontrol icon indicating copy to clipboard operation
dnscontrol copied to clipboard

Published 20 hours ago verified publisher icon StackExchange

IGNORE_NAME, IGNORE_TARGET not working within D_EXTEND

Open ad8-bdl opened this issue 3 years ago • 1 comments

Summary: I think IGNORE_NAME, IGNORE_TARGET need additional documentation noting they do not work as might be expected within a D_EXTEND - they do not account for the D_EXTEND subdomain. Alternately the implementation needs to be fixed to recognise the D_EXTEND subdomain but I'm not sure there's a clean way to do that.

Details: So I'd like to IGNORE_NAME some targets within a subdomain (my real use case is a subdomain "reserved" for DDNS clients, e.g. ddns.example.net). My initial view was to use IGNORE_NAME("target") within a D_EXTEND("sub.domain.tld"). Alas ignored targets all end up in the base D() domain.

Using the 005-ignored-records.js test case as an example (adding the D_EXTEND stanza):

D("foo.com", "none"
  , IGNORE_NAME("testignore")
  , IGNORE_TARGET("testtarget", "CNAME")
  , IGNORE("legacyignore")
);

D_EXTEND("sub.foo.com"
  , IGNORE_NAME("testignore-sub")
  , IGNORE_TARGET("testtarget-sub", "CNAME")
);

Where all of testignore.foo.com, testignore-sub.sub.foo.com and so on are ignored. The actual result as of 49b065e is that all the IGNORE_* targets are relative to the base D() domain. e.g. here's the actual (partial) IR:

"domains": [
{
    "name": "foo.com",
    ...
    "ignored_names": [
    "testignore",
    "legacyignore",
    "testignore-sub"
    ],
    "ignored_targets": [
    {
        "pattern": "testtarget",
        "type": "CNAME"
    },
    {
        "pattern": "testtarget-sub",
        "type": "CNAME"
    }
    ]
}
]

Alas, the subdomain is ... ignored (boom-tish).

I guess what I'd expect is that the ignored_names and ignored_targets.pattern would include the subdomains? But that seems hacky.

TBH I'm fine with simply documenting that IGNORE_* is always relative to the base domain. Doing that would also avoid fuzziness about how the globbing works.

In my actual use case, I've just added a

IGNORE_NAME("**.ddns")

to the base D() and all is well.

ad8-bdl avatar Mar 10 '21 10:03 ad8-bdl

For now I'm going to document that IGNORE_* doesn't work with D_EXTEND() (see https://github.com/StackExchange/dnscontrol/pull/1108).

However, I'm keeping this issue open because this needs to be fixed.

To make IGNORE_* more stable and trustable, we need to vastly improve our integration testing of them.

tlimoncelli avatar Mar 28 '21 17:03 tlimoncelli

The "diff2" project fixed this. Please re-open if you find any problems.

tlimoncelli avatar Dec 14 '23 20:12 tlimoncelli