[Unbound-users] [Q] HINFO in signed zone results SERVFAIL, but NOERROR with BIND
W.C.A. Wijngaards
wouter at NLnetLabs.nl
Wed Jan 7 07:02:09 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Florian Weimer wrote:
> * W. C. A. Wijngaards:
>
>> This is an interpretation problem in RFC4034 6.2(3).
>>
>> A workaround is to give your HINFO in lowercase:
>> HINFO "vmware" "freebsd"
>>
>> Unbound lowercases all text in the rdata of HINFO records before
>> verification. Because that is what I believe RFC4034 6.2(3) means.
>
> The two strings aren't DNS names (<domain-name>s), so they shouldn't
> be lower-cased. I don't know why RFC 4034 specifies HINFO, it seems a
> mistake.
Yes, I have been convinced of that too. So, unbound no longer downcases
the HINFO rdata.
> How do you handle NAPTR? As far as I understand RFC 4034, you should
> downcase the replacement only.
Yes, one domain name field gets lowercased, the rest is not lowercased.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAklkU3EACgkQkDLqNwOhpPhQIQCgr/M2cXd4LmgqfLVCMEol8Gil
HFgAoLFWludSljUxffHKsHckylRPUeE3
=T3Nz
-----END PGP SIGNATURE-----
More information about the Unbound-users
mailing list