[nsd-users] NSD answer apparently depends on case-pattern of question

Niall O'Reilly niall.oreilly at ucd.ie
Fri Oct 9 12:07:20 UTC 2015

  Hi, Wouter.

On Fri, 09 Oct 2015 08:26:20 +0100,
W.C.A. Wijngaards wrote:
> On 08/10/15 17:00, Niall O'Reilly wrote:
> > Hi.
> > 
> > Zonemaster is giving me the following error message:
> > 
> > When asked for SOA records on "wWw.NO8.be" and "wwW.nO8.BE",
> > nameserver ns1.no8.be/2001:770:13f::35:1 returns different
> > answers.
> But there is no difference between these answers.  Zonemaster must be
> wrong?  DNS is case insensitive, so these answers are identical.

  I think that's an overstatement, and respectfully suggest careful
  re-reading of Section 3.1 of RFC1034.

> NSD compresses the domain names in the answer towards the mangled
> upper and lowercase of your question, which you then see repeated in
> the answers.  This makes the packet smaller.

  Of course it makes the response smaller, but it's not consistent
  with (my reading of) the section of RFC1034 mentioned above: "When
  you receive a domain name or label, you should preserve its case."

  IMHO, the answer is "received" from the zone data, not from the

> The zone data is in lowercase, because NSD lowercases all its zone
> data (whether primary or secondary zones).  In case you were wondering
> about the case of the zone data.

  That seems to me to be an intrusion on the role of the zone
  administrator, from whom the data is "received" (in the sense I used
  above) by NSD in the zone file.

> I have to echo the query section with its mangled upper and lowercase
> because of 0x20 hacks that people are using to get extra entropy in
> DNS messages.

  I agree that echoing the query section as received is the only
  acceptable action.  I'm concerned about the answer section.

  But see my later reply to Fredrik Pettai.


More information about the nsd-users mailing list