
AWS Route53 GetZone error while parsing TXT record

Open thebetauser opened this issue 6 months ago • 4 comments

NOTE: Have a general question? You'll get a better response on the dnscontrol-discuss email list!

Describe the bug

GetZone fails while trying to handle AWS Route53 TXT records. Not sure why this specific string is causing the error. Originally I thought it was a quote issue; however, DKIM records with quotes inside of them do not generate this error.

To Reproduce

Steps to reproduce the behavior:

  1. Create a TXT record in AWS Route 53 from the code snippet below
  2. Run the command: dnscontrol get-zones --format=js r53_entry - YOURDOMAIN.com

Expected behavior

Correctly parse TXT records from an AWS Route53 zone.

DNS Provider

  • AWS Route53

Additional context

This is a TXT record for an SPF value which generated the error (IPs censored, but character length and syntax are direct from the Amazon Route53 UI):

"v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

Output

failed GetZone gzr: unparsable record type="TXT" received from ROUTE53: invalid TXT record: "v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

thebetauser, Feb 27 '24 18:02

CC @tresni (maintainer of the route53 provider)

tlimoncelli, Feb 27 '24 18:02

The string in the UI is... interesting...

This part here seems invalid:

2 ip4:11.11.222.1/32 "" ip4:22.222.22.222/32 

Was that record generated by DNSControl or some other system?

As a work-around, use the web UI to remove the "" from the middle of that string. Please let us know if it worked.

tlimoncelli, Feb 27 '24 18:02

Removing the quotes won't work because it's over 255 characters. Route53 returns an InvalidChangeBatch 400: CharacterStringTooLong (Value is too long) error. Putting the quotes within the string works and is a valid record.

AWS specifically mentions the limit and requires you to split the string: https://repost.aws/knowledge-center/route53-resolve-dkim-text-record-error

thebetauser, Feb 27 '24 19:02

I was able to resolve the issue; it seems there is a specific quotation syntax that is required. In the above post from Amazon, they used "" (no space between quotes); however, the correct syntax for DNSControl to parse the record requires a space between the quotes. The Route53 UI lets you use no-space quotation marks as well as spaced quotation marks for TXT records over 255 chars. Here is the updated working syntax:

"v=spf1 ip4:222.11.222.222/32 ip4:222.222.11.222/32 ip4:11.222.11.11/32 ip4:11.222.11.222/32 ip4:1.11.22.222/32 ip4:1.22.22.222/32 ip4:11.11.222.1/32" "ip4:22.222.22.222/32 ip4:11.222.11.222/30 ip4:11.11.222.222/30 ip4:11.222.222.222/32 ip4:11.222.222.222/32 ~all"

This doesn't seem to be a DNSControl-specific issue, so you can go ahead and close this out.

It would be nice if in the future additional checks for quote syntax were added for TXT records, since Route53 has a 255 character limit and requires the use of quotation marks to concat the strings.

thebetauser, Feb 27 '24 19:02
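The quoting rules this thread arrives at, as an added Go example (not DNSControl's or Route53's own code): `ParseTXT` accepts only whitespace-separated quoted segments of at most 255 bytes and rejects the back-to-back `""` form, and `SplitTXT` produces the accepted form from a long value. The function names are hypothetical, the sample record uses constructed documentation addresses, and values are assumed to contain no escaped quotes.

```go
package main

import (
	"fmt"
	"strings"
)

const maxLen = 255 // one DNS character-string holds at most 255 bytes

// ParseTXT returns the quoted segments of a TXT value, rejecting back-to-back
// quotes and segments over 255 bytes. Assumes no backslash-escaped quotes.
func ParseTXT(value string) ([]string, error) {
	var segs []string
	rest := strings.TrimSpace(value)
	for rest != "" {
		end := strings.IndexByte(rest[1:], '"') // length of the segment body
		if rest[0] != '"' || end < 0 {
			return nil, fmt.Errorf("expected a complete quoted string at %q", rest)
		}
		if end > maxLen {
			return nil, fmt.Errorf("segment %d is %d bytes", len(segs)+1, end)
		}
		segs = append(segs, rest[1:end+1])
		rest = rest[end+2:]
		if strings.HasPrefix(rest, `"`) {
			return nil, fmt.Errorf("no space after segment %d", len(segs))
		}
		rest = strings.TrimLeft(rest, " \t")
	}
	return segs, nil
}

// SplitTXT quotes value as space-separated chunks of at most 255 bytes. Cuts fall just after a
// space, so plain concatenation (what SPF verifiers do, RFC 7208 section 3.3) restores value.
func SplitTXT(value string) string {
	var parts []string
	for len(value) > maxLen {
		cut := strings.LastIndexByte(value[:maxLen], ' ') + 1
		if cut == 0 {
			cut = maxLen // no space to cut at: hard split
		}
		parts = append(parts, `"`+value[:cut]+`"`)
		value = value[cut:]
	}
	return strings.Join(append(parts, `"`+value+`"`), " ")
}

func main() {
	fmt.Println(ParseTXT(`"v=spf1 ip4:192.0.2.1/32 "" ip4:192.0.2.2/32 ~all"`)) // constructed sample
}
```

Each chunk keeps the space that separates it from the next mechanism inside its own quotes, because the space between two quoted strings is not part of the record data.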