[nsd-users] NSD compressing RP content
matthijs at nlnetlabs.nl
Thu Mar 7 15:02:49 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
On 03/07/2013 03:37 PM, Peter van Dijk wrote:
> Hello Matthijs,
> 3597 also deals with it by saying nsd MUST NOT compress these
You are absolutely right in that. And it's going to be fixed in the
next release (of course, that should have happened already around
September 2003. Better late than never).
> The harm is in NSD ignoring a MUST NOT, relying on recursors to
> implement a SHOULD. This should, of course, be the other way
I think it is a safe assumption, as pre-3597 recursors should have
done that, and after 3597 they still should do it ;-).
> Naturally, PowerDNS now honors the SHOULD, as interoperability is
Agreed. And that's why we will fix it in NSD too.
> And yes, my request extends to all types not mentioned in 1035, as
> mandated by 3597.
> Kind regards, Peter van Dijk
> On Mar 4, 2013, at 16:00 , Matthijs Mekking wrote:
>> Hi Peter,
>> Sure we can send RP domain names uncompressed from now on.
>> I can understand your reasoning: RP is not defined in RFC 1035,
>> hence it is not allowed to use *name* compression.
>> However, RP (and AFSDB and RT) are defined in RFC 1183, and at
>> the time that that specification was written, name compression
>> was allowed for these records (not explicitly mentioned in the
>> specification). RFC3597 deals with this saying that *receiving*
>> servers should decompress domain names in these RRs.
>> So I fail to see where things might be harmful. PowerDNS should
>> have no problem if it implements RFC3597, as RP should be
>> decompressed, as BIND and Unbound does too (Unbound actually
>> decompresses all domain names of known RR types).
>> Also, I assume your request is not limited to RP, but is also for
>> AFSDB and RT.
>> Best regards, Matthijs
>> On 03/01/2013 03:22 PM, Peter van Dijk wrote:
>>> while investigating a report from Jan-Piet Mens (resulting in
>>> http://wiki.powerdns.com/trac/changeset/3109), we discovered
>>> that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP
>>> content. As far as I can see, this is not allowed by RFC3597
>>> section 4 paragraph 1/2.
>>> PowerDNS Recursor, like Unbound and BIND, now deals with this
>>> as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless, it
>>> would be great if NSD could honor the MUST NOT in paragraph 2.
>>> Kind regards,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the nsd-users