StackExchange
diff --git a/‎documentation/provider/bind.md‎
Lines changed: 61 additions & 39 deletions b/‎documentation/provider/bind.md‎
Lines changed: 61 additions & 39 deletions
diff --git a/‎integrationTest/integration_test.go‎
Lines changed: 6 additions & 5 deletions b/‎integrationTest/integration_test.go‎
Lines changed: 6 additions & 5 deletions
diff --git a/‎models/domain.go‎
Lines changed: 3 additions & 3 deletions b/‎models/domain.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎pkg/domaintags/domaintags.go‎
Lines changed: 16 additions & 13 deletions b/‎pkg/domaintags/domaintags.go‎
Lines changed: 16 additions & 13 deletions
diff --git a/‎pkg/domaintags/domaintags_test.go‎
Lines changed: 48 additions & 14 deletions b/‎pkg/domaintags/domaintags_test.go‎
Lines changed: 48 additions & 14 deletions
@@ -22,13 +22,18 @@ Example:
 {
   "bind": {
     "TYPE": "BIND",
-    "directory": "myzones",
-    "filenameformat": "%U.zone"
+    "directory": "myzones"
   }
 }
 ```
 {% endcode %}
 
+As of v4.2.0 `dnscontrol push` will create subdirectories along the path to
+the filename. This includes both the portion of the path created by the
+`directory` setting and the `filenameformat` setting. For security reasons, the
+automatic creation of subdirectories is disabled if `dnscontrol` is running as
+root. (Running DNSControl as root is not recommended in general.)
+
 ## Meta configuration
 
 This provider accepts some optional metadata in the `NewDnsProvider()` call.
@@ -85,43 +90,59 @@ DNSControl does not handle special serial number math such as "looping through z
 # filenameformat
 
 The `filenameformat` parameter specifies the file name to be used when
-writing the zone file. The default (`%U.zone`) is acceptable in most cases: the
+writing the zone file. The default (`%c.zone`) is acceptable in most cases: the
 file name is the name as specified in the `D()` function plus ".zone".
 
 The filenameformat is a string with a few printf-like `%` verbs:
 
-  * The domain name without tag (the `example.com` part of `example.com!tag`):
-    * `%D`  as specified in `D()` (no IDN conversion, but downcased)
-    * `%I`  converted to IDN/Punycode (`xn--...`) and downcased.
-    * `%N`  converted to Unicode (downcased first)
-  * `%T`  the split horizon tag, or "" (the `tag` part of `example.com!tag`)
-  * `%?x` this returns `x` if the split horizon tag is non-null, otherwise nothing. `x` can be any printable but is usually `!`.
-  * `%U`  short for "%I%?!%T". This is the universal, canonical, name for the domain used for comparisons within DNSControl. This is best for filenames which is why it is used in the default.
-  * `%%`  `%`
-  * ordinary characters (not `%`) are copied unchanged to the output stream
-  * FYI: format strings must not end with an incomplete `%` or `%?`
-
-Typical values:
-
-  * `%U.zone` (The default)
-    * `example.com.zone` or `example.com!tag.zone`
-  * `%T%?_%I.zone`  (optional tag and `_` + domain + `.zone`)
-    * `tag_example.com.zone` or `example.com.zone`
-  * `db_%T%?_%D`
-    * `db_inside_example.com` or `db_example.com`
-
-{% hint style="warning" %}
-**Warning** DNSControl will not warn you if two zones generate the same
-filename. Instead, each will write to the same place.  The content would end up
-flapping back and forth between the two.  The best way to prevent this is to
-always include the tag (`%T`) or use `%U` which includes the tag.
-{% endhint %}
-
-(new in v4.2.0) `dnscontrol push` will create subdirectories along the path to
-the filename. This includes both the portion of the path created by the
-`directory` setting and the `filenameformat` setting. The automatic creation of
-subdirectories is disabled if `dnscontrol` is running as root for security
-reasons.
+| Verb    | Description                                       | `EXAMple.com` | `EXAMple.com!MyTag` | `рф.com!myTag`       |
+| ------- | ------------------------------------------------- | ------------- | ------------------- | -------------------- |
+| `%T`    | the tag                                           | "" (null)     | `myTag`             | `myTag`              |
+| `%c`    | canonical name, globally unique and comparable    | `example.com` | `example.com!myTag` | `xn--p1ai.com!myTag` |
+| `%a`    | ASCII domain (Punycode, downcased)                | `example.com` | `example.com`       | `xn--p1ai.com`       |
+| `%u`    | Unicode domain (non-Unicode parts downcased)      | `example.com` | `example.com`       | `рф.com`             |
+| `%r`    | Raw (unmodified) Domain from `D()` (risky!)       | `EXAMple.com` | `EXAMple.com`       | `рф.com`             |
+| `%f`    | like `%c` but better for filenames (`%a%?_%T`)    | `example.com` | `example.com_myTag` | `xn--p1ai.com_myTag` |
+| `%F`    | like `%f` but reversed order (`%T%?_%a`)          | `example.com` | `myTag_example.com` | `myTag_xn--p1ai.com` |
+| `%?x`   | returns `x` if tag exists, otherwise ""           | "" (null)     | `x`                 | `x`                  |
+| `%%`    | a literal percent sign                            | `%`           | `%`                 | `%`                  |
+| `a-Z./` | other printable characters are copied exactly     | `a-Z./`       | `a-Z./`             | `a-Z./`              |
+| `%U`    | (deprecated, use `%c`) Same as `%D%?!%T` (risky!) | `example.com` | `example.com!myTag` | `рф.com!myTag`       |
+| `%D`    | (deprecated, use `%r`) mangles Unicode (risky!)   | `example.com` | `example.com`       | `рф.com`             |
+
+* `%?x` is typically used to generate an optional `!` or `_` if there is a tag.
+* `%r` is considered "risky" because it can produce a domain name that is not
+    canonical. For example, if you use `D("FOO.com")` and later change it to `D("foo.com")`, your file names will change.
+* Format strings must not end with an incomplete `%` or `%?`
+* Generating a filename without a tag is risky. For example, if the same
+   `dnsconfig.js` has `D("example.com!inside", DSP_BIND)` and
+   `D("example.com!outside", DSP_BIND)`, both will use the same filename.
+   DNSControl will write both zone files to the same file, flapping between the
+   two. No error or warning will be output.
+
+Useful examples:
+
+| Verb         | Description                         | `EXAMple.com`      | `EXAMple.com!MyTag`      | `рф.com!myTag`            |
+| ------------ | ----------------------------------- | ------------------ | ------------------------ | ------------------------- |
+| `%c.zone`    | Default format (v4.28 and later)    | `example.com.zone` | `example.com!myTag.zone` | `xn--p1ai.com!myTag.zone` |
+| `%U.zone`    | Default format (pre-v4.28) (risky!) | `example.com.zone` | `example.com!myTag.zone` | `рф.com!myTag.zone`       |
+| `db_%f`      | Recommended in a popular DNS book   | `db_example.com`   | `db_example.com_myTag`   | `db_xn--p1ai.com_myTag`   |
+| `db_%a%?_%T` | same as above but using `%?_`       | `db_example.com`   | `db_example.com_myTag`   | `db_xn--p1ai.com_myTag`   |
+
+Compatibility notes:
+
+* `%D` should not be used. It downcases the string in a way that is probably
+    incompatible with Unicode characters.  It is retained for compatibility with
+    pre-v4.28 releases. If your domain has capital Unicode characters, backwards
+    compatibility is not guaranteed. Use `%r` instead.
+* `%U` relies on `%D` which is deprecated. Use `%c` instead.
+* As of v4.28 the default format string changed from `%U.zone` to `%c.zone`. This
+    should only matter if your `D()` statements included non-ASCII (Unicode)
+    runes that were capitalized.
+* If you are using pre-v4.28 releases the above table is slightly misleading
+    because uppercase ASCII letters do not always work. If you are using
+    pre-v4.28 releases, assume the above table lists `example.com` instead
+    of `EXAMpl.com`.
 
 # FYI: get-zones
 
@@ -132,7 +153,8 @@ any files named `*.zone` and assumes they are zone files.
 dnscontrol get-zones --format=nameonly - BIND all
 ```
 
-If `filenameformat` is defined, `dnscontrol` makes a guess at which
-filenames are zones but doesn't try to hard to get it right, which is
-mathematically impossible in some cases.  Feel free to file an issue if
-your format string doesn't work. I love a challenge!
+If `filenameformat` is defined, `dnscontrol` makes a guess at which filenames
+are zones by reversing the logic of the format string. It doesn't try very hard
+to get this right, as getting it right in all situations is mathematically
+impossible.  Feel free to file an issue if find a situation where it doesn't
+work. I love a challenge!
@@ -2033,11 +2033,6 @@ func makeTests() []*TestGroup {
 			),
 		),
 
-		// This MUST be the last test.
-		testgroup("final",
-			tc("final", txt("final", `TestDNSProviders was successful!`)),
-		),
-
 		testgroup("SMIMEA",
 			requires(providers.CanUseSMIMEA),
 			tc("SMIMEA record", smimea("_443._tcp", 3, 1, 1, sha256hash)),
@@ -2060,6 +2055,12 @@ func makeTests() []*TestGroup {
 		//    every quarter. There may be library updates, API changes,
 		//    etc.
 
+		// This SHOULD be the last test. We do this so that we always
+		// leave zones with a single TXT record exclaming our success.
+		// Nothing depends on this record existing or should depend on it.
+		testgroup("final",
+			tc("final", txt("final", `TestDNSProviders was successful!`)),
+		),
 	}
 
 	return tests
 
@@ -13,7 +13,7 @@ const (
 	DomainTag         = "dnscontrol_tag"         // A copy of DomainConfig.Tag
 	DomainUniqueName  = "dnscontrol_uniquename"  // A copy of DomainConfig.UniqueName
 	DomainNameRaw     = "dnscontrol_nameraw"     // A copy of DomainConfig.NameRaw
-	DomainNameIDN     = "dnscontrol_nameidn"     // A copy of DomainConfig.NameIDN
+	DomainNameASCII   = "dnscontrol_nameascii"   // A copy of DomainConfig.NameASCII
 	DomainNameUnicode = "dnscontrol_nameunicode" // A copy of DomainConfig.NameUnicode
 )
 
@@ -74,15 +74,15 @@ func (dc *DomainConfig) PostProcess() {
 
 	// Turn the user-supplied name into the fixed forms.
 	ff := domaintags.MakeDomainFixForms(dc.Name)
-	dc.Tag, dc.NameRaw, dc.Name, dc.NameUnicode, dc.UniqueName = ff.Tag, ff.NameRaw, ff.NameIDN, ff.NameUnicode, ff.UniqueName
+	dc.Tag, dc.NameRaw, dc.Name, dc.NameUnicode, dc.UniqueName = ff.Tag, ff.NameRaw, ff.NameASCII, ff.NameUnicode, ff.UniqueName
 
 	// Store the FixForms is Metadata so we don't have to change the signature of every function that might need them.
 	// This is a bit ugly but avoids a huge refactor. Please avoid using these to make the future refactor easier.
 	if dc.Tag != "" {
 		dc.Metadata[DomainTag] = dc.Tag
 	}
 	//dc.Metadata[DomainNameRaw] = dc.NameRaw
-	//dc.Metadata[DomainNameIDN] = dc.Name
+	//dc.Metadata[DomainNameASCII] = dc.Name
 	//dc.Metadata[DomainNameUnicode] = dc.NameUnicode
 	dc.Metadata[DomainUniqueName] = dc.UniqueName
 }
 
@@ -9,7 +9,7 @@ import (
 // DomainFixedForms stores the various fixed forms of a domain name and tag.
 type DomainFixedForms struct {
 	NameRaw     string // "originalinput.com" (name as input by the user, lowercased (no tag))
-	NameIDN     string // "punycode.com"
+	NameASCII   string // "punycode.com"
 	NameUnicode string // "unicode.com" (converted to downcase BEFORE unicode conversion)
 	UniqueName  string // "punycode.com!tag"
 
@@ -25,7 +25,7 @@ type DomainFixedForms struct {
 // * .UniqueName: "example.com!tag" unique across the entire config.
 func MakeDomainFixForms(n string) DomainFixedForms {
 	var err error
-	var tag, nameRaw, nameIDN, nameUnicode, uniqueName string
+	var tag, nameRaw, nameASCII, nameUnicode, uniqueName string
 	var hasBang bool
 
 	// Split tag from name.
@@ -38,42 +38,45 @@ func MakeDomainFixForms(n string) DomainFixedForms {
 		hasBang = false
 	}
 
-	nameRaw = strings.ToLower(p[0])
+	nameRaw = p[0]
 	if strings.HasPrefix(n, nameRaw) {
 		// Avoid pointless duplication.
 		nameRaw = n[0:len(nameRaw)]
 	}
 
-	nameIDN, err = idna.ToASCII(nameRaw)
+	nameASCII, err = idna.ToASCII(nameRaw)
 	if err != nil {
-		nameIDN = nameRaw // Fallback to raw name on error.
+		nameASCII = nameRaw // Fallback to raw name on error.
 	} else {
+		nameASCII = strings.ToLower(nameASCII)
 		// Avoid pointless duplication.
-		if nameIDN == nameRaw {
-			nameIDN = nameRaw
+		if strings.HasPrefix(n, nameASCII) {
+			// Avoid pointless duplication.
+			nameASCII = n[0:len(nameASCII)]
 		}
 	}
 
-	nameUnicode, err = idna.ToUnicode(nameRaw)
+	nameUnicode, err = idna.ToUnicode(nameASCII) // We use nameASCII since it is already lowercased.
 	if err != nil {
 		nameUnicode = nameRaw // Fallback to raw name on error.
 	} else {
 		// Avoid pointless duplication.
-		if nameUnicode == nameRaw {
-			nameUnicode = nameRaw
+		if strings.HasPrefix(n, nameUnicode) {
+			// Avoid pointless duplication.
+			nameUnicode = n[0:len(nameUnicode)]
 		}
 	}
 
 	if hasBang {
-		uniqueName = nameIDN + "!" + tag
+		uniqueName = nameASCII + "!" + tag
 	} else {
-		uniqueName = nameIDN
+		uniqueName = nameASCII
 	}
 
 	return DomainFixedForms{
 		Tag:         tag,
 		NameRaw:     nameRaw,
-		NameIDN:     nameIDN,
+		NameASCII:   nameASCII,
 		NameUnicode: nameUnicode,
 		UniqueName:  uniqueName,
 		HasBang:     hasBang,
 
@@ -10,7 +10,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 		input           string
 		wantTag         string
 		wantNameRaw     string
-		wantNameIDN     string
+		wantNameASCII   string
 		wantNameUnicode string
 		wantUniqueName  string
 		wantHasBang     bool
@@ -20,7 +20,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "example.com",
 			wantTag:         "",
 			wantNameRaw:     "example.com",
-			wantNameIDN:     "example.com",
+			wantNameASCII:   "example.com",
 			wantNameUnicode: "example.com",
 			wantUniqueName:  "example.com",
 			wantHasBang:     false,
@@ -30,7 +30,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "example.com!mytag",
 			wantTag:         "mytag",
 			wantNameRaw:     "example.com",
-			wantNameIDN:     "example.com",
+			wantNameASCII:   "example.com",
 			wantNameUnicode: "example.com",
 			wantUniqueName:  "example.com!mytag",
 			wantHasBang:     true,
@@ -40,7 +40,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "example.com!",
 			wantTag:         "",
 			wantNameRaw:     "example.com",
-			wantNameIDN:     "example.com",
+			wantNameASCII:   "example.com",
 			wantNameUnicode: "example.com",
 			wantUniqueName:  "example.com!",
 			wantHasBang:     true,
@@ -50,7 +50,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "उदाहरण.com",
 			wantTag:         "",
 			wantNameRaw:     "उदाहरण.com",
-			wantNameIDN:     "xn--p1b6ci4b4b3a.com",
+			wantNameASCII:   "xn--p1b6ci4b4b3a.com",
 			wantNameUnicode: "उदाहरण.com",
 			wantUniqueName:  "xn--p1b6ci4b4b3a.com",
 			wantHasBang:     false,
@@ -60,7 +60,7 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "उदाहरण.com!mytag",
 			wantTag:         "mytag",
 			wantNameRaw:     "उदाहरण.com",
-			wantNameIDN:     "xn--p1b6ci4b4b3a.com",
+			wantNameASCII:   "xn--p1b6ci4b4b3a.com",
 			wantNameUnicode: "उदाहरण.com",
 			wantUniqueName:  "xn--p1b6ci4b4b3a.com!mytag",
 			wantHasBang:     true,
@@ -70,17 +70,29 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			input:           "xn--p1b6ci4b4b3a.com",
 			wantTag:         "",
 			wantNameRaw:     "xn--p1b6ci4b4b3a.com",
-			wantNameIDN:     "xn--p1b6ci4b4b3a.com",
+			wantNameASCII:   "xn--p1b6ci4b4b3a.com",
 			wantNameUnicode: "उदाहरण.com",
 			wantUniqueName:  "xn--p1b6ci4b4b3a.com",
 			wantHasBang:     false,
 		},
+		{
+			// Unicode chars should be left alone (as far as case folding goes)
+			// Here are some Armenian characters https://tools.lgm.cl/lettercase.html
+			name:            "mixed case unicode",
+			input:           "fooԷէԸըԹ.com!myTag",
+			wantTag:         "myTag",
+			wantNameRaw:     "fooԷէԸըԹ.com",
+			wantNameASCII:   "xn--foo-b7dfg43aja.com",
+			wantNameUnicode: "fooԷէԸըԹ.com",
+			wantUniqueName:  "xn--foo-b7dfg43aja.com!myTag",
+			wantHasBang:     true,
+		},
 		{
 			name:            "punycode domain with tag",
 			input:           "xn--p1b6ci4b4b3a.com!mytag",
 			wantTag:         "mytag",
 			wantNameRaw:     "xn--p1b6ci4b4b3a.com",
-			wantNameIDN:     "xn--p1b6ci4b4b3a.com",
+			wantNameASCII:   "xn--p1b6ci4b4b3a.com",
 			wantNameUnicode: "उदाहरण.com",
 			wantUniqueName:  "xn--p1b6ci4b4b3a.com!mytag",
 			wantHasBang:     true,
@@ -89,8 +101,8 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			name:            "mixed case domain",
 			input:           "Example.COM",
 			wantTag:         "",
-			wantNameRaw:     "example.com",
-			wantNameIDN:     "example.com",
+			wantNameRaw:     "Example.COM",
+			wantNameASCII:   "example.com",
 			wantNameUnicode: "example.com",
 			wantUniqueName:  "example.com",
 			wantHasBang:     false,
@@ -99,12 +111,34 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			name:            "mixed case domain with tag",
 			input:           "Example.COM!MyTag",
 			wantTag:         "MyTag",
-			wantNameRaw:     "example.com",
-			wantNameIDN:     "example.com",
+			wantNameRaw:     "Example.COM",
+			wantNameASCII:   "example.com",
 			wantNameUnicode: "example.com",
 			wantUniqueName:  "example.com!MyTag",
 			wantHasBang:     true,
 		},
+		// This is used in the documentation for the BIND provider, thus we test
+		// it to make sure we got it right.
+		{
+			name:            "BIND example 1",
+			input:           "рф.com!myTag",
+			wantTag:         "myTag",
+			wantNameRaw:     "рф.com",
+			wantNameASCII:   "xn--p1ai.com",
+			wantNameUnicode: "рф.com",
+			wantUniqueName:  "xn--p1ai.com!myTag",
+			wantHasBang:     true,
+		},
+		{
+			name:            "BIND example 2",
+			input:           "рф.com",
+			wantTag:         "",
+			wantNameRaw:     "рф.com",
+			wantNameASCII:   "xn--p1ai.com",
+			wantNameUnicode: "рф.com",
+			wantUniqueName:  "xn--p1ai.com",
+			wantHasBang:     false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -116,8 +150,8 @@ func Test_MakeDomainFixForms(t *testing.T) {
 			if got.NameRaw != tt.wantNameRaw {
 				t.Errorf("MakeDomainFixForms() gotNameRaw = %v, want %v", got.NameRaw, tt.wantNameRaw)
 			}
-			if got.NameIDN != tt.wantNameIDN {
-				t.Errorf("MakeDomainFixForms() gotNameIDN = %v, want %v", got.NameIDN, tt.wantNameIDN)
+			if got.NameASCII != tt.wantNameASCII {
+				t.Errorf("MakeDomainFixForms() gotNameASCII = %v, want %v", got.NameASCII, tt.wantNameASCII)
 			}
 			if got.NameUnicode != tt.wantNameUnicode {
 				t.Errorf("MakeDomainFixForms() gotNameUnicode = %v, want %v", got.NameUnicode, tt.wantNameUnicode)