[dns-operations] Google Public DNS has enabled case randomization globally
Vladimír Čunát
vladimir.cunat+ietf at nic.cz
Mon Jul 31 16:34:15 UTC 2023
On 29/07/2023 23.20, Puneet Sood via dns-operations wrote:
> The worst are the small number that return NXDOMAIN for the queries or timeout.
Those are clear protocol violation, as the names are case insensitive
from the very beginning (RFC 1034 + 1035), regardless of deploying the
0x20 draft. I'll be glad if they start failing on 8.8.8.8 now, hoping
that would put sufficient pressure on such cases.
However, relying on receiving the same case is more difficult, as AFAIK
no RFC implies that the cases in QNAME need to match. But yes, that TCP
fallback is a nice workaround for those uncommon cases, so it doesn't
matter really. We've used it in Knot Resolver's implementation for
years, as case randomization is default there.
(Of course, nowadays I'd ideally focus on more secure anti-spoofing
techniques like DNSSEC...)
--Vladimir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20230731/0dc75955/attachment.html>
More information about the dns-operations
mailing list