[PR #2935] [MERGED] CAA: Store tag field as-is #3432

New issue

Closed

opened 2026-03-16 11:43:21 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:43:21 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2935
Author: @divergentdave
Created: 4/15/2025
Status: ✅ Merged
Merged: 4/16/2025
Merged by: @djc

Base: main ← Head: david/caa-raw-tag

📝 Commits (1)

7da20b8 CAA: Store tag field as-is

📊 Changes

2 files changed (+18 additions, -8 deletions)

View changed files

📝 crates/proto/src/rr/rdata/caa.rs (+16 -8)
📝 crates/proto/src/serialize/txt/rdata_parsers/caa.rs (+2 -0)

📄 Description

This changes CAA handling to store the raw tag field when decoding, and use that value when encoding. This keeps us from changing the capitalization of the tag when it matches one of the defined tags, "issue", "issuewild", or "iodef". We should preserve this field in this manner to avoid invalidating RRSIGs in case some zone has an unusual tag value.

I tried adding a conformance test for this, but Unbound is strict about the tag's contents, and failed to load the zone with this message: "invalid tag ISSUE: contains invalid char I". RFC 8659 says the tag MAY contain any ASCII lowercase letter, upppercase letter, or number, and says that "Matching of tags is case insensitive".

Note that this could be cleaned up in the future when making breaking changes. Currently, any unknown tags will be stored twice, in both the tag and raw_tag fields.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2935 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 4/15/2025 **Status:** ✅ Merged **Merged:** 4/16/2025 **Merged by:** [@djc](https://github.com/djc) **Base:** `main` ← **Head:** `david/caa-raw-tag` --- ### 📝 Commits (1) - [`7da20b8`](https://github.com/hickory-dns/hickory-dns/commit/7da20b8f89889bd56aaa315e5b04081f435f2af0) CAA: Store tag field as-is ### 📊 Changes **2 files changed** (+18 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `crates/proto/src/rr/rdata/caa.rs` (+16 -8) 📝 `crates/proto/src/serialize/txt/rdata_parsers/caa.rs` (+2 -0) </details> ### 📄 Description This changes CAA handling to store the raw tag field when decoding, and use that value when encoding. This keeps us from changing the capitalization of the tag when it matches one of the defined tags, "issue", "issuewild", or "iodef". We should preserve this field in this manner to avoid invalidating RRSIGs in case some zone has an unusual tag value. I tried adding a conformance test for this, but Unbound is strict about the tag's contents, and failed to load the zone with this message: "invalid tag ISSUE: contains invalid char I". RFC 8659 says the tag MAY contain any ASCII lowercase letter, upppercase letter, or number, and says that "Matching of tags is case insensitive". Note that this could be cleaned up in the future when making breaking changes. Currently, any unknown tags will be stored twice, in both the `tag` and `raw_tag` fields. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>