Problem listing DNS records based on content containing encoded equal


#1

I have an issue using the GET zones/:zone_identifier/dns_records API method to list DNS records, and filter them based on content. More specifically I have a problem with values containing a = encoded as %3D. Other special characters appear to work fine encoded.

Let me exemplify with the following test case.

$ dig +short encoded.coloncolonone.net TXT
"hello=world"
"hello&world"
"hello?world"
"hello;world"
$

I have no problem asking for the records containing &, ? or ;.

$ curl -sS -H "Content-Type:application/json" -H "X-Auth-Email:..." -H "X-Auth-Key:..." "https://api.cloudflare.com/client/v4/zones/.../dns_records?name=encoded.coloncolonone.net&type=TXT&content=hello%26world" | jq .result_info.count
1
$ curl -sS -H "Content-Type:application/json" -H "X-Auth-Email:..." -H "X-Auth-Key:..." "https://api.cloudflare.com/client/v4/zones/.../dns_records?name=encoded.coloncolonone.net&type=TXT&content=hello%3Fworld" | jq .result_info.count
1 
$ curl -sS -H "Content-Type:application/json" -H "X-Auth-Email:..." -H "X-Auth-Key:..." "https://api.cloudflare.com/client/v4/zones/.../dns_records?name=encoded.coloncolonone.net&type=TXT&content=hello%3Bworld" | jq .result_info.count
1 
$

Yet no match for the record containing a =.

$ curl -sS -H "Content-Type:application/json" -H "X-Auth-Email:..." -H "X-Auth-Key:..." "https://api.cloudflare.com/client/v4/zones/.../dns_records?name=encoded.coloncolonone.net&type=TXT&content=hello%3Dworld" | jq .result_info.count
0
$

Any chance that I have misunderstood, that the = character shouldn’t be encoded as %3D?

If not, would this be a known limitation in the Cloudflare API? Or are we dealing with a bug?


#2

Look at that!

$ curl -sS -H "Content-Type:application/json" -H "X-Auth-Email: ..." -H "X-Auth-Key: ..." "https://api.cloudflare.com/client/v4/zones/.../dns_records?name=encoded.coloncolonone.net&type=TXT&content=hello%3Dworld" | jq .result_info.count
1
$

Whatever was misbehaving previously appear to have been fixed now.