[nsd-users] NSD answer apparently depends on case-pattern of question
wouter at nlnetlabs.nl
Fri Oct 9 07:26:20 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 08/10/15 17:00, Niall O'Reilly wrote:
> Zonemaster is giving me the following error message:
> When asked for SOA records on "wWw.NO8.be" and "wwW.nO8.BE",
> nameserver ns1.no8.be/2001:770:13f::35:1 returns different
But there is no difference between these answers. Zonemaster must be
wrong? DNS is case insensitive, so these answers are identical.
NSD compresses the domain names in the answer towards the mangled
upper and lowercase of your question, which you then see repeated in
the answers. This makes the packet smaller.
The zone data is in lowercase, because NSD lowercases all its zone
data (whether primary or secondary zones). In case you were wondering
about the case of the zone data.
I have to echo the query section with its mangled upper and lowercase
because of 0x20 hacks that people are using to get extra entropy in
Best regards, Wouter
> I believe that this is the only one (of three) authorities for
> no8.be which is running NSD. I also believe that the answer
> should depend only on zone data, and not be "modulated" by
> differences between equivalent presentations of the question.
> I suspect a bug in NSD's code for building the answer. Perhaps
> it's a known one already?
> The following script may help to visualize the behaviour.
> -- snip -- #!/bin/sh
> qnames="NO8.be nO8.BE wWw.NO8.be wwW.nO8.BE" servers=`dig +norec
> +short @ns1.no8.be no8.be ns`
> for name in $qnames do for auth in $servers do dig +norec @$auth
> $name soa done done -- snip --
> Best regards, Niall O'Reilly
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the nsd-users