gomatrixserverlib icon indicating copy to clipboard operation
gomatrixserverlib copied to clipboard
verified publisher icon matrix-org

Federation client shouldn't follow CNAME records in SRV records

Open babolivier opened this issue 6 years ago • 3 comments

RFC2782 forbids CNAME records as SRV record targets but we need to check it because Go completely ignores that

babolivier avatar Apr 02 '19 17:04 babolivier

this turns out to be surprisingly hard to do correctly in Go, so I'm not sure this is worth fixing. It's pretty harmless if we are a bit too tolerant.

richvdh avatar Apr 02 '19 17:04 richvdh

I know it forbids it, but everytime a server lets me specify a CNAME nonetheless, I dance a happy dance. Even if not accordingly strictly to spec, it is not wrong to be a bit lenient, so I propose to not do anything about this and close the issue :-)

spaetz avatar Jul 10 '22 19:07 spaetz

I fundamentally disagree with past-me here.

Given the question "should CNAMEs be accepted as the target of SRV records", there should be one answer that applies to the whole of the matrix ecosystem, otherwise we'll be in the frustrating situation of connections working intermittently. (eg, you'll be able to federate with servers written in Go, but not in Python)

Before completely deciding what to do here, I'd be interested to know what Synapse does, but given, as Brendan says, CNAMEs are not normally valid as the target of SRV records, I am inclined to say they should not be accepted.

Related: https://github.com/matrix-org/matrix-spec/issues/606

richvdh avatar Jul 11 '22 16:07 richvdh