Forum Discussion
I can't connect to Azure ATP with a Domain Name with numbers as a domain
Hi,
Is this an old domain from before Windows 2000???
Are all domains using the same format?
If not, as a workaround, are you able to add credentials from a different domain that does not have a DNS part with all numbers, and also has full trust with this domain?
If yes, this should work around the issue until we can research it better.
Is it not just a problem with verification??? Numbers in a DNS domain are allowed according to the RFC, right??
- EliOfek, Feb 11, 2020
Microsoft
Actually no,
See RFC 1035, section 2.3.1
https://tools.ietf.org/html/rfc1035
The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. There are also some restrictions on the length. Labels must be 63 characters or less.
So you can use numbers in a DNS name - yes, but any part in the DNS name should *not* contain *just numbers*.
So in the case of child.01.contoso.com
the .01. part is failing the validation.
If it was something like .a01. it would be fine.
- ipcdollar1, Feb 18, 2020, Copper Contributor
But you allow this for example:
nb.1we2.contoso.org
Why?
If you are not compliant with RFC 1035, why not allow numeric-only host/domain names?
- EliOfek, Feb 18, 2020
Microsoft
ipcdollar1, taking back what I wrote before, you are correct. While the code declares it enforces the RFC, it's clearly a bug that it allowed a digit as the first character in the label.
I will add it to the internal ticket. Product will have to decide if they want to continue to stick to the RFC, in which case fix it to not allow, or change the rules to align with AD rules, which might make more sense here.
Thanks for the feedback!
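The label rule quoted above from RFC 1035 section 2.3.1, written as a checker and run over the three names from this thread. This is an added example, not Azure ATP's validation code and not posted by anyone in the thread; the function names are made up for the example, and the RFC 1123 section 2.1 pattern (which relaxes only the first character to a letter or digit) is included for comparison.

```python
import re
import string

# RFC 1035 section 2.3.1: letter first, letter or digit last,
# only letters, digits and hyphen in between.
RFC1035_LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
# RFC 1123 section 2.1: same rule, but the first character may be a digit.
RFC1123_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

ALLOWED = set(string.ascii_letters + string.digits + "-")
MAX_LABEL = 63  # "Labels must be 63 characters or less."


def label_problem(label, pattern):
    """Return why a single label is rejected, or None if it is accepted."""
    if not label:
        return "empty label"
    if len(label) > MAX_LABEL:
        return "longer than 63 characters"
    if pattern.fullmatch(label):
        return None
    if any(c not in ALLOWED for c in label):
        return "illegal character"
    if label[-1] == "-":
        return "ends with a hyphen"
    if label[0] == "-":
        return "starts with a hyphen"
    return "starts with a digit"  # only reachable under the RFC 1035 rule


def bad_labels(name, pattern=RFC1035_LABEL):
    """Return [(label, reason), ...] for every label in name that fails."""
    if name.endswith("."):  # tolerate a fully qualified trailing dot
        name = name[:-1]
    found = []
    for label in name.split("."):
        reason = label_problem(label, pattern)
        if reason:
            found.append((label, reason))
    return found


if __name__ == "__main__":
    # The three names discussed in the thread.
    for fqdn in ("child.01.contoso.com", "child.a01.contoso.com", "nb.1we2.contoso.org"):
        print(fqdn, "| RFC 1035:", bad_labels(fqdn),
              "| RFC 1123:", bad_labels(fqdn, RFC1123_LABEL))
```

Under the strict RFC 1035 rule both `01` and `1we2` are rejected, and under the RFC 1123 rule both are accepted, so neither rule on its own produces the "reject `01`, accept `1we2`" behaviour reported in the thread.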