[dns-operations] Google Public DNS has enabled case randomization globally
paul at redbarn.org
Sun Jul 30 00:35:22 UTC 2023
Evan Hunt wrote on 2023-07-29 13:58:
> (Resending because I accidentally replied privately.)
Evan Hunt wrote on 2023-07-29 13:55:
> On Sat, Jul 29, 2023 at 09:07:21AM -0700, Paul Vixie wrote:
>> would the google dns team be willing to contribute to this draft in
>> the ietf dns wg? we have not pressed the matter since 2008 simply
>> because no one cared. with google now deploying it for quad8, i
>> think we might get a different result today than we got 14 years
> Case randomization has been supported in quite a lot of resolvers
> for quite a long while. I know for sure that unbound and knot
> resolver both have it. (BIND doesn't, I'm not sure why not; we just
> never got around to it, I suppose.)
perhaps there would be many reviewers, then.
> If, on top of these other implementations, google is now deploying
> it, then they must have found it non-harmful, which would imply that
> all or nearly all currently-deployed authoritative server software
> must be responding to case-randomized queries correctly.
back in the day, only one rdns server was downcasing on cache miss, and
it was one of google's. dave presotto fixed it in about a day.
> As I recall, the 0x20 draft was mostly discussion of the problem
> space; the only normative part was a protocol clarification that the
> question section has to be copied bit-for-bit into replies. ...
no. retry and fallback were specified. google's logic as described
up-thread is more subtle than what we recommended. that's where a
standard is needed, though i think we should also refer to every RFC
where bit-for-bit naming in cache misses is implied or stated.
> If I'm mistaken about that, and it's still only implicit, then I'd
> support clarifying the protocol in that way. If it's already been
> clarified, though, then I'm not sure why a 0x20 RFC is needed now.
we need to share knowledge about how to live with this change, simply
because until the 0x20 draft came along, unexpected behaviour was able
to be codified far and wide. sort of like drop-all-fragments was able to
become the norm in the decades before EDNS.
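The mechanism under discussion, worked through as an added example (not code from this thread, from Google Public DNS, or from any of the resolvers named above): a resolver folds random bits into the case of the QNAME, a correct authoritative server copies the question section back bit-for-bit, and the resolver only accepts an answer whose question section matches exactly. The wire format is plain RFC 1035; the retry/fallback policy in next_action() is an illustrative assumption of this example, not the text of the 0x20 draft. The downcasing server and the off-path forger are constructed here to show the caveat: to the resolver they look identical, which is why the fallback step has to be cautious.

```python
"""0x20 case randomization end to end: encode, verify, and decide what to do
on a mismatch. Added example; the wire encoding follows RFC 1035."""
import secrets
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(qname: str) -> bytes:
    """RFC 1035 wire labels, preserving the case of every letter."""
    out = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def apply_0x20(qname: str, bits: int) -> str:
    """Bit i of `bits` sets the case of the i-th letter (1 = upper).
    Digits, hyphens and dots have no case and pass through unchanged."""
    out, i = [], 0
    for c in qname:
        if c.isalpha():
            out.append(c.upper() if (bits >> i) & 1 else c.lower())
            i += 1
        else:
            out.append(c)
    return "".join(out)


def entropy_bits(qname: str) -> int:
    """Extra unpredictable bits 0x20 adds: one per letter in the name."""
    return sum(1 for c in qname if c.isalpha())


def randomize_0x20(qname: str) -> str:
    return apply_0x20(qname, secrets.randbits(entropy_bits(qname)))


def build_query(txid: int, qname: str, qtype: int = QTYPE_A) -> bytes:
    """12-byte header (RD set, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def question_section(msg: bytes) -> bytes:
    """Raw bytes of the single question (QNAME + QTYPE + QCLASS)."""
    pos = 12
    while msg[pos] != 0:
        if msg[pos] & 0xC0:
            raise ValueError("compressed QNAME in question")
        pos += 1 + msg[pos]
    return msg[12:pos + 1 + 4]


def classify_response(query: bytes, response: bytes) -> str:
    """Resolver-side check: 'accept' only on a bit-for-bit question match;
    'case-mismatch' when the name is right but the case was altered;
    'reject' otherwise (including a wrong transaction ID)."""
    if query[:2] != response[:2]:
        return "reject"
    q, r = question_section(query), question_section(response)
    if q == r:
        return "accept"
    return "case-mismatch" if q.lower() == r.lower() else "reject"


def next_action(verdict: str, attempts: int, max_retries: int = 2) -> str:
    """Illustrative policy (an assumption of this example, not the draft's
    wording): use an exact match; on a case mismatch retry with fresh case
    up to max_retries times, then fall back to an unrandomized query for
    that server, giving up the extra entropy; drop anything else."""
    if verdict == "accept":
        return "use"
    if verdict == "case-mismatch":
        return "retry-0x20" if attempts < max_retries else "fallback-plain"
    return "drop"


def answer_echoing(query: bytes) -> bytes:
    """Correct authoritative: QR/AA set, question copied verbatim, no RRs
    (enough for the check being demonstrated)."""
    return query[:2] + struct.pack("!HHHHH", 0x8400, 1, 0, 0, 0) + question_section(query)


def answer_downcasing(query: bytes) -> bytes:
    """Broken authoritative that lower-cases the question. bytes.lower() only
    touches ASCII letters; label lengths (<64) and QTYPE/QCLASS are unaffected."""
    good = answer_echoing(query)
    return good[:12] + good[12:].lower()


def forge_answer(txid: int, qname_guess: str) -> bytes:
    """Off-path forger who knows the name and guessed the transaction ID but
    must also guess the case pattern. Constructed for this example."""
    return (struct.pack("!HHHHHH", txid, 0x8400, 1, 0, 0, 0)
            + encode_name(qname_guess) + struct.pack("!HH", QTYPE_A, QCLASS_IN))


if __name__ == "__main__":
    sent = randomize_0x20("www.example.com")
    q = build_query(0x1234, sent)
    for label, resp in [("echoing", answer_echoing(q)), ("downcasing", answer_downcasing(q)),
                        ("forged", forge_answer(0x1234, "www.example.com"))]:
        v = classify_response(q, resp)
        print(f"{sent}: {label:10s} -> {v:13s} action={next_action(v, 0)}")
```

Note that the downcasing server and the forger who guessed the wrong case both land in "case-mismatch": the resolver cannot tell a buggy authoritative from an attack, so an unconditional fallback to plain queries hands the attacker a way to switch the protection off, and the retry count matters.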