
Designate DNS TXT records max length is 255 chars (Horizon reports vague "Error: Unable to create the record set.")
Open, Low, Public

Description

https://bugs.launchpad.net/designate/+bug/1595265

The limit on TXT data is now 255 bytes, which is too short for certain use cases. Designate should support creation of TXT records with data much longer than 255 bytes.

If you are trying to set up a DKIM record in Designate via Horizon, try these tweaks:
  • Generate an ed25519 key rather than an RSA key.
  • Enter the value in Horizon wrapped in literal " characters to prevent whitespace and ; splitting of the provided value.

Alternately, you can try manually splitting the data into chunks of no more than 255 characters and entering them as multiple records within the TXT recordset. The ; splitting and unquoted whitespace rejection will still be in effect, so you will probably still need to add explicit " characters to your input values.


Initially discovered in T87338: Mails through deployment-mx SPF & DKIM fails
To reproduce the problem, I tried to make a TXT record called designatetesting.testlabs.wmflabs.org., comment Alex testing https://phabricator.wikimedia.org/T87338#4274206, value abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz
Horizon threw an HTTP 500 straight back at me and the UI showed "Error: Unable to create the record set.".
This was fine as soon as I reduced the value to 256 characters. More than that and it errored.

Event Timeline

Note: This might be a problem with our Designate SQL schema, with the Horizon upstream code, or with the Designate upstream code.

This prevents you from adding DKIM records with 2048 bit RSA keys.

Before reporting upstream we should at least dig the error out of the logs actually.

Krenair edited projects, added Horizon; removed Cloud-VPS.

Brooke sent me the schema for the Designate records table, which includes this:

| Field                   | Type                                       | Null | Key | Default | Extra |
| data                    | text                                       | NO   |     | NULL    |       |

But MySQL TEXT is supposed to allow for 64KB so that shouldn't be the problem.

bd808 renamed this task from HTTP 500 from Horizon when creating long DNS records to Designate DNS TXT records max length is 255 chars (Horizon reports vague error). Mar 27 2021, 5:14 PM
bd808 updated the task description.

The problem is in the Designate model classes, not the backing schema.

https://opendev.org/openstack/designate/src/branch/master/designate/objects/rrdata_txt.py#L29

@base.DesignateRegistry.register
class TXT(Record):
    """
    TXT Resource Record Type
    Defined in: RFC1035
    """
    fields = {
        'txt_data': fields.TxtField(maxLength=255)
    }

bd808 renamed this task from Designate DNS TXT records max length is 255 chars (Horizon reports vague error) to Designate DNS TXT records max length is 255 chars (Horizon reports vague "Error: Unable to create the record set."). Mar 27 2021, 5:54 PM
bd808 updated the task description.

Some random research on this:

  • This problem is not exclusive to Designate. You can find Q&A on the same underlying issue for many DNS management systems with GUIs
  • The 255 char limit for a single TXT record is part of the DNS spec
  • Multiple records can be used to deliver longer payloads
  • A more ideal solution upstream would include automatic splitting of the input into <=255 byte chunks before hitting the storage layer
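
The splitting discussed in this task, as an added example (not code from the task, Horizon or Designate): it cuts a long TXT value into explicitly quoted chunks of at most 255 bytes and joins them back the way a consumer such as a DKIM verifier does, by plain concatenation. The function names and the sample value are assumptions; the budget counts escaped bytes, which is a conservative choice.

```python
MAX_CHUNK = 255  # RFC 1035 <character-string>: one length octet, so <= 255 bytes


def split_txt(value, limit=MAX_CHUNK):
    """Return quoted chunks of value, each holding at most `limit` bytes."""
    chunks, current, size = [], [], 0
    for ch in value:
        # Escape the two characters that are special inside a quoted string.
        piece = "\\" + ch if ch in '"\\' else ch
        n = len(piece.encode("utf-8"))  # count bytes, not characters
        if current and size + n > limit:
            chunks.append('"' + "".join(current) + '"')
            current, size = [], 0
        current.append(piece)  # a character and its escape never get separated
        size += n
    chunks.append('"' + "".join(current) + '"')
    return chunks


def join_txt(chunks):
    """Rebuild the value: strip quotes, undo escapes, concatenate with no separator."""
    out = []
    for chunk in chunks:
        body = chunk[1:-1]
        i = 0
        while i < len(body):
            if body[i] == "\\":
                i += 1  # skip the escape, keep the escaped character
            out.append(body[i])
            i += 1
    return "".join(out)


# Constructed sample: DKIM-shaped value with a 392-character placeholder where
# the base64 of a 2048-bit RSA public key would go (not a real key).
SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 392

if __name__ == "__main__":
    for chunk in split_txt(SAMPLE):
        print(len(chunk[1:-1].encode("utf-8")), chunk[:40] + "...")
```

Because each chunk carries its own quotes, the `;` and the spaces in the value stay inside one string instead of triggering the splitting the description warns about.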