From 35b8a149d810a28e55204ba86ca1c2fa8d7da592 Mon Sep 17 00:00:00 2001
From: Joshua Tauberer <jt@occams.info>
Date: Fri, 22 Sep 2017 12:31:49 -0400
Subject: [PATCH] fix dns regex: underscores are allowed in domain names even
 though they are not allowed in hostnames

---
 management/dns_update.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/management/dns_update.py b/management/dns_update.py
index aaf209fc..aa0ee602 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -13,9 +13,10 @@ from mailconfig import get_mail_domains
 from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains
 
 # From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074
-# Thanks to Onur Yıldırım
-# This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot
-DOMAIN_RE = "^(?!\-)(?:[a-zA-Z\d\-]{0,62}[a-zA-Z\d]\.){1,126}(?!\d+)[a-zA-Z\d]{1,63}(\.?)$"
+# This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot,
+# as well as underscores which are allowed in domain names but not hostnames (i.e. allowed in
+# DNS but not in URLs), which are common in certain record types like for DKIM.
+DOMAIN_RE = "^(?!\-)(?:[a-zA-Z\d\-_]{0,62}[a-zA-Z\d_]\.){1,126}(?!\d+)[a-zA-Z\d_]{1,63}(\.?)$"
 
 def get_dns_domains(env):
 	# Add all domain names in use by email users and mail aliases and ensure