[nsd-users] NSD compressing RP content

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Mar 7 15:02:49 UTC 2013

Hash: SHA1

Hi Peter,

On 03/07/2013 03:37 PM, Peter van Dijk wrote:
> Hello Matthijs,
> 3597 also deals with it by saying nsd MUST NOT compress these
> types.

You are absolutely right in that. And it's going to be fixed in the
next release (of course, that should have happened already around
September 2003. Better late than never).

> The harm is in NSD ignoring a MUST NOT, relying on recursors to
> implement a SHOULD. This should, of course, be the other way
> around.

I think it is a safe assumption, as pre-3597 recursors should have
done that, and after 3597 they still should do it ;-).

> Naturally, PowerDNS now honors the SHOULD, as interoperability is
> key.

Agreed. And that's why we will fix it in NSD too.

Best regards,

> And yes, my request extends to all types not mentioned in 1035, as
> mandated by 3597.
> Kind regards, Peter van Dijk
> On Mar 4, 2013, at 16:00 , Matthijs Mekking wrote:
>> Hi Peter,
>> Sure we can send RP domain names uncompressed from now on.
>> I can understand your reasoning: RP is not defined in RFC 1035,
>> hence it is not allowed to use *name* compression.
>> However, RP (and AFSDB and RT) are defined in RFC 1183, and at
>> the time that that specification was written, name compression
>> was allowed for these records (not explicitly mentioned in the
>> specification). RFC3597 deals with this saying that *receiving*
>> servers should decompress domain names in these RRs.
>> So I fail to see where things might be harmful. PowerDNS should
>> have no problem if it implements RFC3597, as RP should be
>> decompressed, as BIND and Unbound does too (Unbound actually
>> decompresses all domain names of known RR types).
>> Also, I assume your request is not limited to RP, but is also for
>> AFSDB and RT.
>> Best regards, Matthijs
>> On 03/01/2013 03:22 PM, Peter van Dijk wrote:
>>> Hello,
>>> while investigating a report from Jan-Piet Mens (resulting in
>>> http://wiki.powerdns.com/trac/changeset/3109), we discovered
>>> that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP
>>> content. As far as I can see, this is not allowed by RFC3597
>>> section 4 paragraph 1/2.
>>> PowerDNS Recursor, like Unbound and BIND, now deals with this
>>> as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless, it
>>> would be great if NSD could honor the MUST NOT in paragraph 2.
>>> Kind regards,

Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/


More information about the nsd-users mailing list