<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 29/07/2023 23.20, Puneet Sood via
dns-operations wrote:<br>
</div>
<blockquote type="cite"
cite="mid:mailman.836.1690665678.28592.dns-operations@lists.dns-oarc.net">
<pre class="moz-quote-pre" wrap="">The worst are the small number that return NXDOMAIN for the queries or timeout.</pre>
</blockquote>
<p>Those are clear protocol violation, as the names are case
insensitive from the very beginning (RFC 1034 + 1035), regardless
of deploying the 0x20 draft. I'll be glad if they start failing
on 8.8.8.8 now, hoping that would put sufficient pressure on such
cases.<br>
</p>
<p>However, relying on receiving the same case is more difficult, as
AFAIK no RFC implies that the cases in QNAME need to match. But
yes, that TCP fallback is a nice workaround for those uncommon
cases, so it doesn't matter really. We've used it in Knot
Resolver's implementation for years, as case randomization is
default there.</p>
<p>(Of course, nowadays I'd ideally focus on more secure
anti-spoofing techniques like DNSSEC...)<br>
</p>
<p>--Vladimir<br>
</p>
</body>
</html>