[dns-operations] lowercasing of questions from recursor to auths?
dwessels at verisign.com
Fri Feb 5 17:17:10 UTC 2016
The ISC folks gave an interesting presentation related to this at a 2014 DNS-OARC meeting:
Based on that, my understanding is that you can probably lowercase the query name
to the auth server, but you might want to make compression case-sensitive as BIND
> On Feb 5, 2016, at 8:15 AM, Peter van Dijk <peter.van.dijk at powerdns.com> wrote:
> Hello fellow DNS people,
> we recently got a request from a user to lowercase questions sent from the
> PowerDNS Recursor to auths on the Internet, even if the question the Recursor
> got from the client was in mixed case. My initial thought was “why don’t we do
> that already - after all, once cached there are no case guarantees anyway”.
> So I did some digging and investigation - all of PowerDNS, BIND and Unbound
> preserve case on the initial question to the auth (i.e. the uncached case).
> Unbound with 0x20 enabled, of course, does not preserve case.
> Now, experience with unbound’s 0x20 implementation shows, as I recall it, that
> it breaks some auths (no surprise there) but I have not heard anything about
> it breaking client applications (although one imagines that some DNS
> tunnelling software might be affected).
> My concrete question: can you imagine operational downsides to lowercasing all
> questions sent to auths? Because I don’t see it, but we’ve gone 15 years
> (longer for other implementations) preserving case so I need to be careful.
> (In case the question comes up, this discussion is triggered by widget.criteo.com
> returning several IPs instead of just one when asked in non-lowercase.)
> Kind regards,
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> dns-jobs mailing list
More information about the dns-operations