barnybug / cli53

Command line tool for Amazon Route 53

A trailing dot is added to the value when exporting/importing domains

vandr0iy opened this issue

Issue type

  • Bug report

cli53 version (cli53 --version)

Built it from source using go get github.com/barnybug/cli53/cmd/cli53 as of Mon 19 Apr 2021 01:57:46 PM CEST. If I run this command it returns

cli53 version master

OS / Platform

OS: NixOS 20.09 (Nightingale) x86_64
Host: 20EN0006MZ ThinkPad P50
Kernel: 5.4.100
Shell: zsh 5.8
Terminal: alacritty
CPU: Intel i7-6820HQ (8) @ 3.600GHz
GPU: NVIDIA Quadro M2000M
Memory: 15842MiB / 23953MiB

Steps to reproduce

  • export a domain from route53:
cli53 export --full domainname.tld > route53-hostedzone.txt
  • create a new one (in my case it was a new account):
export CR="$(date +'%Y-%m-%d-%H-%M-%S')"
aws route53 create-hosted-zone --name 'domainname.tld' --caller-reference "${CR}"
  • import the file from before:
cli53 import --file route53-hostedzone.txt 'domainname.tld'

Expected behaviour

A hosted zone with records exactly identical to the old one

Actual behaviour

Most of the records have a trailing dot. The way one notices is by doing this:

aws route53 list-resource-record-sets --hosted-zone-id $oldhostedzoneid --output json > old.domainname.json
# ---switch accounts
aws route53 list-resource-record-sets --hosted-zone-id $newhostedzoneid --output json > new.domainname.json
diff new.domainname.json old.domainname.json

The output shows a lot of these:

...
872c872
<                     "Value": "cname.vercel-dns.com."
---
>                     "Value": "cname.vercel-dns.com"
...

Note the trailing dot in the record on the 2nd line, from new.domainname.json.

As far as I know, the standard treats both values with and without the trailing dot as valid, where the former is preferred. Also, the route53 docs say the same. Still, it's pretty confusing when the input doesn't match the output.

From RFC1035:

Domain names that end in a dot are called absolute, and are taken as complete. Domain names which do not end in a dot are called relative; the actual domain name is the concatenation of the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as an argument to the master file loading routine. A relative name is an error when no origin is available.

Amazon would appear to actually be the one at fault here, since they treat all domain names as absolute whether they end in a dot or not. cli53 has to export those records as absolute since that's what Amazon means. Other DNS services will interpret them as relative domain names, which means your "cname.vercel-dns.com" would be interpreted as "cname.vercel-dns.com.vercel-dns.com." (assuming it was in a zone for "vercel-dns.com."), which is not the same record that R53 is providing. But once it's been corrected, there's not any real way to know if the original was correctly or incorrectly specified.
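
Added example, not part of the issue thread or of cli53: Python code that applies both interpretations discussed above (RFC 1035 relative names versus Route 53 treating every name as absolute) and then compares two `aws route53 list-resource-record-sets` outputs after normalising trailing dots, so that only real differences between the old and new zone remain. The function names and the sample listings are constructed for illustration.

```python
import json

NAME_ONLY = {"CNAME", "NS", "PTR"}   # value is a single domain name
NAME_LAST = {"MX", "SRV"}            # domain name is the last field of the value

def rfc1035_absolute(name, origin):
    """RFC 1035 master-file rule: no trailing dot means relative to the origin."""
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.rstrip('.')}.".lower()

def route53_absolute(name):
    """Route 53 behaviour described in the thread: every name is absolute."""
    return name.rstrip(".").lower() + "."

def canonical_value(rtype, value):
    if rtype in NAME_ONLY:
        return route53_absolute(value)
    if rtype in NAME_LAST:
        *head, target = value.split()
        return " ".join(head + [route53_absolute(target)])
    return value  # A, AAAA, TXT, ...: compared as-is

def canonical_rrsets(listing):
    """Map (name, type) -> (TTL, values) from list-resource-record-sets JSON."""
    out = {}
    for rr in listing["ResourceRecordSets"]:
        values = {canonical_value(rr["Type"], r["Value"])
                  for r in rr.get("ResourceRecords", [])}
        if "AliasTarget" in rr:  # alias records carry a DNS name instead of values
            values.add("ALIAS " + route53_absolute(rr["AliasTarget"]["DNSName"]))
        out[(route53_absolute(rr["Name"]), rr["Type"])] = (rr.get("TTL"), frozenset(values))
    return out

def real_differences(old, new):
    """Record sets that still differ after trailing-dot normalisation."""
    a, b = canonical_rrsets(old), canonical_rrsets(new)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

# Constructed sample listings (not taken from the issue).
OLD = json.loads("""{"ResourceRecordSets": [
 {"Name": "www.domainname.tld.", "Type": "CNAME", "TTL": 300, "ResourceRecords": [{"Value": "cname.vercel-dns.com"}]},
 {"Name": "domainname.tld.", "Type": "MX", "TTL": 300, "ResourceRecords": [{"Value": "10 mail.domainname.tld"}]},
 {"Name": "api.domainname.tld.", "Type": "A", "TTL": 60, "ResourceRecords": [{"Value": "192.0.2.10"}]}]}""")
NEW = json.loads("""{"ResourceRecordSets": [
 {"Name": "www.domainname.tld.", "Type": "CNAME", "TTL": 300, "ResourceRecords": [{"Value": "cname.vercel-dns.com."}]},
 {"Name": "domainname.tld.", "Type": "MX", "TTL": 300, "ResourceRecords": [{"Value": "10 mail.domainname.tld."}]},
 {"Name": "api.domainname.tld.", "Type": "A", "TTL": 60, "ResourceRecords": [{"Value": "192.0.2.99"}]}]}""")

if __name__ == "__main__":
    print(real_differences(OLD, NEW))
```

In a real migration the NS and SOA record sets of the new hosted zone will also be reported, since Route 53 assigns them per zone.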