[nsd-users] NSD answer apparently depends on case-pattern of question
Niall O'Reilly
niall.oreilly at ucd.ie
Fri Oct 9 12:07:20 UTC 2015
Hi, Wouter.
On Fri, 09 Oct 2015 08:26:20 +0100,
W.C.A. Wijngaards wrote:
>
> On 08/10/15 17:00, Niall O'Reilly wrote:
> > Hi.
> >
> > Zonemaster is giving me the following error message:
> >
> > When asked for SOA records on "wWw.NO8.be" and "wwW.nO8.BE",
> > nameserver ns1.no8.be/2001:770:13f::35:1 returns different
> > answers.
>
> But there is no difference between these answers. Zonemaster must be
> wrong? DNS is case insensitive, so these answers are identical.
I think that's an overstatement, and respectfully suggest careful
re-reading of Section 3.1 of RFC1034.
> NSD compresses the domain names in the answer towards the mangled
> upper and lowercase of your question, which you then see repeated in
> the answers. This makes the packet smaller.
Of course it makes the response smaller, but it's not consistent
with (my reading of) the section of RFC1034 mentioned above: "When
you receive a domain name or label, you should preserve its case."
IMHO, the answer is "received" from the zone data, not from the
question.
> The zone data is in lowercase, because NSD lowercases all its zone
> data (whether primary or secondary zones). In case you were wondering
> about the case of the zone data.
That seems to me to be an intrusion on the role of the zone
administrator, from whom the data is "received" (in the sense I used
above) by NSD in the zone file.
> I have to echo the query section with its mangled upper and lowercase
> because of 0x20 hacks that people are using to get extra entropy in
> DNS messages.
I agree that echoing the query section as received is the only
acceptable action. I'm concerned about the answer section.
But see my later reply to Fredrik Pettai.
Groeten
Niall
More information about the nsd-users
mailing list