[dns-operations] Google Public DNS has enabled case randomization globally

Vladimír Čunát vladimir.cunat+ietf at nic.cz
Mon Jul 31 16:34:15 UTC 2023


On 29/07/2023 23.20, Puneet Sood via dns-operations wrote:
> The worst are the small number that return NXDOMAIN for the queries or timeout.

Those are clear protocol violations, as the names are case insensitive 
from the very beginning (RFC 1034 + 1035), regardless of deploying the 
0x20 draft.  I'll be glad if they start failing on 8.8.8.8 now, hoping 
that would put sufficient pressure on such cases.

However, relying on receiving the same case is more difficult, as AFAIK 
no RFC implies that the cases in QNAME need to match.  But yes, that TCP 
fallback is a nice workaround for those uncommon cases, so it doesn't 
matter really.  We've used it in Knot Resolver's implementation for 
years, as case randomization is default there.

(Of course, nowadays I'd ideally focus on more secure anti-spoofing 
techniques like DNSSEC...)

--Vladimir
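
The resolver-side check this thread discusses, as an added example that is not part of the original message and is not Knot Resolver's or Google Public DNS's code. The function names and the three outcome labels are hypothetical, and the question section is assumed to be uncompressed.

```python
import secrets
import struct

def randomize_case(name: str) -> str:
    """Flip the 0x20 bit of each ASCII letter with probability 1/2."""
    return "".join(
        chr(ord(c) ^ 0x20) if c.isascii() and c.isalpha() and secrets.randbits(1) else c
        for c in name
    )

def build_message(txid: int, flags: int, qname: str, qtype: int = 1) -> bytes:
    """Header plus one question: enough to model a query or its echoed reply."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + wire + struct.pack("!HH", qtype, 1)  # class IN

def parse_qname(msg: bytes) -> str:
    """Read the QNAME of the first question, preserving its case."""
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        label = msg[pos + 1 : pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def classify_response(sent_qname: str, response: bytes) -> str:
    """Decide what to do with a UDP reply to a case-randomized query."""
    try:
        got = parse_qname(response)
    except (IndexError, ValueError):
        return "drop"            # malformed question section
    if got == sent_qname:
        return "accept"          # case echoed exactly
    if got.lower() == sent_qname.lower():
        return "retry-tcp"       # same name, case not preserved: fall back to TCP
    return "drop"                # different name: not an answer to this query
```
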