www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

TXT record won't accept "+" character

 
nexus



Joined: 31 Mar 2017
Posts: 5

Posted: Fri Mar 31, 2017 1:04 pm    Post subject: TXT record won't accept "+" character

Hi, I'm trying to create a google._domainkey TXT record in a zeroshell hosted DNS.

The TXT record includes a "+" character.
Every attempt to save the record results in the "+" character being replaced by whitespace " ".

How can I edit this TXT record to ensure the "+" character is retained?
nexus



Joined: 31 Mar 2017
Posts: 5

Posted: Sat Apr 01, 2017 6:16 am    Post subject: Retire Zeroshell

Since I can't see a way to get zeroshell to behave itself with regard to this TXT record, I am considering retiring zeroshell for the master DNS. Then, if the slaves, which are also zeroshell, continue to corrupt the record when replicating from an alternative master, I'll have to completely retire zeroshell from my infrastructure altogether.

I've not used these types of cryptographic TXT record keys before, hence the problem was not spotted until I went to use one.

Does anyone have some workaround suggestions? Is replacing my master DNS with something that behaves sanely and retaining zeroshell slaves even viable?
nexus



Joined: 31 Mar 2017
Posts: 5

Posted: Sat Apr 01, 2017 2:09 pm    Post subject: Replaced Master

I've replaced the master DNS and retired zeroshell as master. The zeroshell slaves _seem_ to be transferring the zone sanely and the missing + character is present using an alternative master DNS.

I am getting some unexpected latency however - one of the two slaves is persistently returning the old incorrect record despite the zone having transferred OK and appearing correct when selecting "show" in the slave zone config.

Leaving it till morning. Uncertain why it would be returning what is now a stale record that doesn't actually exist in the zone anymore.

Have tried restarting slave DNS services and restarting the slave zeroshell instance. Will advise if this second issue (stale record returned) is still present in the morning. (1:00AM here)
nexus



Joined: 31 Mar 2017
Posts: 5

Posted: Sat Apr 01, 2017 11:18 pm    Post subject: Don't use ZS as master

So...come morning the stale record that wouldn't go away seems to be gone. Still unclear on why it persisted so long after the whole zone was replaced but at least the zone is intact and the TXT values are sane.

Solution: Don't use ZS as master DNS

Not a great solution, but a solution. Still interested in any light that can be shed on this behaviour - the + character being stripped - I presume that's the web interface getting in the way, the stale record persisting in responses from slave long after replaced and the services restarted, and there's much higher zone transfer latency now. Previously I never saw serials out of sync at the slaves, now it seems to be a norm when I make a zone alteration.

Replacement master is an MS DNS
iulyb



Joined: 02 Jun 2016
Posts: 103

Posted: Thu Apr 06, 2017 2:31 am    Post subject:

Hi,

Did u try to enter with a backspace \+ ?

Also, u can try to use an LDAP browser (ex: Apache LDAP browser) to edit the record manually or if you have some LDAP knowledge u can try to edit the record on ldap from command line.
nexus



Joined: 31 Mar 2017
Posts: 5

Posted: Sun Apr 09, 2017 12:57 pm    Post subject:

iulyb wrote:
Hi,

Did u try to enter with a backspace \+ ?

Also, u can try to use an LDAP browser (ex: Apache LDAP browser) to edit the record manually or if you have some LDAP knowledge u can try to edit the record on ldap from command line.


Yes I had tried escaping the character but didn't have success. I'm happy with my alternative config for now - it's easily editable without unnecessary complexities.

Longer term I'll replace the master with something more....linux
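The symptom reported in this thread (a "+" in the DKIM key stored as a space) matches what `application/x-www-form-urlencoded` decoding does to a "+" that was submitted unencoded; the thread only presumes the web interface is responsible, so that cause is an assumption here. The Python check below is an added example, not code from ZeroShell or from any poster: the key is constructed sample data and the function names are hypothetical. It classifies a published record against the record as issued.

```python
import base64
from urllib.parse import quote_plus, unquote_plus

# Constructed sample, not a real DKIM key: 24 bytes whose base64 form
# contains "++++" in the middle.
ISSUED_P = base64.b64encode(b"constructed " + b"\xfb\xef\xbe" + b"key bytes").decode()
ISSUED_TXT = "v=DKIM1; k=rsa; p=" + ISSUED_P


def form_decode(field: str) -> str:
    """Decode one form-urlencoded field value ('+' means space)."""
    return unquote_plus(field)


def dkim_p(txt: str) -> str:
    """Return the p= tag value of a DKIM TXT string, internal spaces kept."""
    for tag in txt.split(";"):
        name, _, value = tag.partition("=")
        if name.strip() == "p":
            return value.strip()
    raise ValueError("no p= tag in record")


def key_bytes(txt: str) -> bytes:
    """Decode the key with whitespace dropped (DKIM base64 allows folding)."""
    return base64.b64decode("".join(dkim_p(txt).split()))


def classify(issued_txt: str, published_txt: str) -> str:
    """Compare the published record with the record as issued."""
    issued, published = dkim_p(issued_txt), dkim_p(published_txt)
    if published == issued:
        return "ok"
    if published.replace(" ", "+") == issued:
        return "plus-to-space"  # exactly the corruption reported in the thread
    return "mismatch"


if __name__ == "__main__":
    stored = form_decode(ISSUED_TXT)                    # '+' submitted unencoded
    print(classify(ISSUED_TXT, stored))                 # plus-to-space
    print(key_bytes(stored) == key_bytes(ISSUED_TXT))   # False
    escaped = form_decode(quote_plus(ISSUED_TXT))       # '+' sent as %2B
    print(classify(ISSUED_TXT, escaped))                # ok
```

On this sample the corrupted value still base64-decodes once whitespace is dropped, only to different key bytes, so a syntax check alone would not catch it; comparing against the issued value does.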