Peculiar DNS queries

Tony Finch dot at dotat.at
Mon Dec 30 19:10:57 UTC 2019


Fred Morris <m3047 at m3047.net> wrote:

> Regarding case, in any case (pardon the pun) case is not guaranteed.
> Especially regarding dynamic updates, your case will not be preserved
> (and maybe I fat-fingered and left caps lock on once upon a time without
> realizing it) in the authoritative zone.

Well, it's a bit more complicated than that, I'm afraid! The case that you
use in zone files and UPDATEs should be preserved on disk and (I think?)
through zone transfers, but not necessarily in answers to queries.

The link that Lars Kollstedt posted (repeated below) explains that BIND is
now by default stricter at preserving case than it used to be, in answers
to queries as well as other authoritative data operations.

https://indico.dns-oarc.net/event/20/contributions/265/attachments/254/471/ISC-case-sensitivity.pdf

There is a `no-case-compress` ACL that you can use to revert to the old
behaviour.

https://ftp.isc.org/isc/bind9/9.15.7/doc/arm/Bv9ARM.ch05.html

It's very difficult to make the DNS properly case-preserving, because a
parent zone and a child zone can disagree with each other about the case
of the parent zone. It's not as easy as it used to be to observe this in
the wild because lower case is nearly universal, but (for example) if you
have a time machine you can observe that the root zone was all upper case
before it was signed in 2010.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
North Rockall, Malin: Northwesterly 4 or 5, backing southerly 5 to 7 later.
Rough. Fair. Good.
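
The case difference between zone data and query answers discussed in this message can be reproduced with name compression, which is what the `no-case-compress` option name refers to. The sketch below is an added example, not part of the original message and not BIND code: it is a simplified model of RFC 1035 compression, and the function names and sample names are assumptions made for illustration.

```python
# Added illustration: simplified RFC 1035 name compression, not BIND's implementation.

def encode_name(msg, name, table, case_sensitive):
    """Append `name` to bytearray `msg`, pointing at earlier copies of a suffix."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        key = suffix if case_sensitive else suffix.lower()
        if key in table:
            # Compression pointer: top two bits set, 14-bit offset of earlier copy.
            msg += (0xC000 | table[key]).to_bytes(2, "big")
            return
        if len(msg) < 0x4000:  # only offsets that fit in 14 bits can be targets
            table[key] = len(msg)
        label = labels[i].encode("ascii")
        msg.append(len(label))
        msg += label
    msg.append(0)  # root label ends a name that was not compressed


def decode_name(msg, offset):
    """Return the name at `offset` as a client reads it, following pointers."""
    labels, hops = [], 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = int.from_bytes(msg[offset:offset + 2], "big") & 0x3FFF
        elif length == 0:
            return ".".join(labels)
        else:
            labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
            offset += 1 + length


def owner_seen_by_client(qname, zone_owner, case_sensitive):
    """Write the question name, then the answer owner name; decode the latter."""
    msg = bytearray(12)   # placeholder for the 12-byte DNS header
    table = {}            # suffix -> offset of its first occurrence
    encode_name(msg, qname, table, case_sensitive)
    msg += bytes(4)       # placeholder QTYPE and QCLASS
    answer_offset = len(msg)
    encode_name(msg, zone_owner, table, case_sensitive)
    return decode_name(msg, answer_offset)
```

With case-insensitive matching the answer's owner name becomes a pointer to the question name, so the client sees the case it sent in the query; with case-sensitive matching the zone's case survives in the answer.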


More information about the bind-users mailing list