[dns-operations] lowercasing of questions from recursor to auths?

Wessels, Duane dwessels at verisign.com
Fri Feb 5 17:17:10 UTC 2016 

Hi Peter,

The ISC folks gave an interesting presentation related to this at a 2014 DNS-OARC meeting:

https://indico.dns-oarc.net/event/20/session/2/contribution/12

Based on that, my understanding is that you can probably lowercase the query name
to the auth server, but you might want to make compression case-sensitive as BIND
now does.


DW


> On Feb 5, 2016, at 8:15 AM, Peter van Dijk <peter.van.dijk at powerdns.com> wrote:
> 
> Hello fellow DNS people,
> 
> we recently got a request from a user to lowercase questions sent from the
> PowerDNS Recursor to auths on the Internet, even if the question the Recursor
> got from the client was in mixed case. My initial thought was “why don’t we do
> that already - after all, once cached there are no case guarantees anyway”.
> 
> So I did some digging and investigation - all of PowerDNS, BIND and Unbound
> preserve case on the initial question to the auth (i.e. the uncached case).
> Unbound with 0x20 enabled, of course, does not preserve case.
> 
> Now, experience with unbound’s 0x20 implementation shows, as I recall it, that
> it breaks some auths (no surprise there) but I have not heard anything about
> it breaking client applications (although one imagines that some DNS
> tunnelling software might be affected).
> 
> My concrete question: can you imagine operational downsides to lowercasing all
> questions sent to auths? Because I don’t see it, but we’ve gone 15 years
> (longer for other implementations) preserving case so I need to be careful.
> 
> (In case the question comes up, this discussion is triggered by widget.criteo.com
> returning several IPs instead of just one when asked in non-lowercase.)
> 
> Kind regards,
> -- 
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

More information about the dns-operations mailing list