dns-ui icon indicating copy to clipboard operation
dns-ui copied to clipboard
verified publisher icon operasoftware

Support multiple strings in single TXT record

Open scimn opened this issue 8 years ago • 5 comments

Hi, it would be great if you could change DNS UI to treat and display double quotes in TXT records as content rather than a hidden string qualifiers, or at least add support for managing a single TXT record with multiple strings as described in RFC4408

An example of such TXT record is current public 2048 bit DKIM key of gmail.com:

# dig 20161025._domainkey.gmail.com TXT +short
"k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"

scimn avatar Aug 08 '17 14:08 scimn

Yes, I agree this needs improvement. The original design assumption was that it would be convenient to remove all quoting and escaping from TXT records when displaying them in the UI (and then to escape and quote them on submit). However this doesn't work well with real life scenarios such as Google, Amazon and others providing the raw TXT record to be added.

thomas-pike avatar Aug 08 '17 14:08 thomas-pike

TXT records with multiple strings is also impossible to add in any "non-raw" form in DNS UI so improving this is highly encouraged. An idea would be that missing (outer) quotes is automatically added during form input for convenience, but displayed and preserved as-is per default.

scimn avatar Aug 08 '17 15:08 scimn

Agreed, that's probably the best strategy. While I'm not usually a huge fan of "magic" behaviour that changes based on the input, I think it's sane in this case to auto-escape and quote if (and only if) the input does not have outer quotes. Anything else that I can think of would require a more complicated UI.

In the meantime though, note that multiple strings in TXT records are concatenated together when sent over the DNS protocol (see http://www.zytrax.com/books/dns/ch8/txt.html), so there is (at least as far as I can tell) no effective reason why you actually must be able to enter a record with multiple strings (though of course you might have reasons for wanting them to be separate in the source).

For example, to add the gmail.com DKIM record in the UI as it is now you can copy all of the quoted sections into the text field with no separators between them, ie. as the single string: k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqRtqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB

Also, PowerDNS will automatically split TXT records that are too large for the DNS protocol (see https://doc.powerdns.com/md/types/#txt).

thomas-pike avatar Aug 09 '17 14:08 thomas-pike

Thanks, wasn't aware of that PowerDNS automatically allows/splits TXT record strings larger than 255 characters, tried that and it worked perfectly. However the corresponding record in my git exported zone file now got broken (according to at least named-checkzone 9.10.4 defaults), so don't forget the BIND import/export functions if you have further look at this issue.

scimn avatar Aug 09 '17 14:08 scimn

Thanks, that certainly needs fixing too.

thomas-pike avatar Aug 09 '17 14:08 thomas-pike