[dns-operations] lowercasing of questions from recursor to auths?
Peter van Dijk
peter.van.dijk at powerdns.com
Fri Feb 5 16:15:07 UTC 2016
Hello fellow DNS people,
we recently got a request from a user to lowercase questions sent from the
PowerDNS Recursor to auths on the Internet, even if the question the Recursor
got from the client was in mixed case. My initial thought was “why don’t we do
that already - after all, once cached there are no case guarantees anyway”.
So I did some digging and investigation - all of PowerDNS, BIND and Unbound
preserve case on the initial question to the auth (i.e. the uncached case).
Unbound with 0x20 enabled, of course, does not preserve case.
Now, experience with unbound’s 0x20 implementation shows, as I recall it, that
it breaks some auths (no surprise there) but I have not heard anything about
it breaking client applications (although one imagines that some DNS
tunnelling software might be affected).
My concrete question: can you imagine operational downsides to lowercasing all
questions sent to auths? Because I don’t see it, but we’ve gone 15 years
(longer for other implementations) preserving case so I need to be careful.
(In case the question comes up, this discussion is triggered by widget.criteo.com
returning several IPs instead of just one when asked in non-lowercase.)
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160205/97a11cf2/attachment.sig>
More information about the dns-operations
mailing list