zonemaster-engine icon indicating copy to clipboard operation
zonemaster-engine copied to clipboard

Published 20 hours ago verified publisher icon zonemaster

Incorrect warning is shown in some cases of invalid SOA RNAMEs

Open marc-vanderwal opened this issue 2 years ago • 4 comments

On a test domain, I had the following SOA record:

test.           IN      SOA     (
                                  ns.test.
                                  root.test.
                                  2022091701 ; serial
                                  86400      ; refresh (24 h)
                                  14400      ; retry (4 h)
                                  3600000    ; expire (1000 h)
                                  3600       ; negative cache
                                )

When I run zonemaster-cli on that test domain (running on a DNS server listening on the loopback interface), it complains about the RNAME in that SOA record, but the error message is wrong:

   2.14 WARNING   Illegal character(s) found in SOA RNAME field (root@test).

Granted, “root@test” looks like a bogus e-mail address, but the diagnostic is incorrect: there are no illegal characters in this e-mail address. That’s because the address is tested using Email::Valid here and if the test fails, the above warning is shown. But illegal characters in an e-mail address is only sufficient, not necessary, for it to be invalid.

Instead, it would be more appropriate to display something like the following:

   2.14 WARNING   The SOA RNAME field (root@test) is not a valid e-mail address.

Besides, the usual mistake most people would make IMO is to put an @ sign in the RNAME. Maybe a specific error message could be displayed in that particular case?

marc-vanderwal avatar Sep 20 '22 06:09 marc-vanderwal

The implementation is not correct. The format of the email address is correct. Looking at the specification I guess a change of the message is reasonable, but then rather one of the following alternatives:

The email address ({email}) derived from the SOA RNAME field is not a valid e-mail address.
The SOA RNAME field "{rname}" cannot be converted into a valid e-mail address.

I suggest that we start with an update of the specifcation.

matsduf avatar Sep 20 '22 08:09 matsduf

I agree, this could be a good opportunity to revamp the test case.

As for the suggested change of error message, I like the first of your two alternatives. How about:

The e-mail address ({email}) derived from the SOA RNAME field ({rname}) is not a valid e-mail address.

marc-vanderwal avatar Sep 20 '22 09:09 marc-vanderwal

Oh, and I just found out that SYNTAX05 already checks for @ signs in SOA RNAME. The warning message we are discussing here is emitted by SYNTAX06, which is a more generic validity check. I thought both of these checks would be done by the same test case. My bad.

marc-vanderwal avatar Sep 20 '22 09:09 marc-vanderwal

As for the suggested change of error message, I like the first of your two alternatives. How about:

The e-mail address ({email}) derived from the SOA RNAME field ({rname}) is not a valid e-mail address.

Yes, that is clear and explicit. Should not be misunderstood.

matsduf avatar Sep 20 '22 11:09 matsduf