Hi Fred, On Montag, 23. Dezember 2019 01:08:54 CET Fred Morris wrote: > but in cache e.g. isc.org matches ISC.ORG or isc.ORG, or > ISC.org... hopefully you get the idea.
Thats expected behavior. And has IMHO something to do with https://tools.ietf.org/html/rfc4343 and the elder DNS RFCs not with dnsext-dns0x20 but the implementations of the case insensitivity in the public DNS were much older. The dnsext-dns0x20 uses the previously present behavior of many implementations to echo back the character case of the request in the reply but matching case insensitive. If it gets anything else and no DNS Cookie back the resolver will wait a short while for a better matching answer, and then give the non matching back. That's at least my reading of this. The matching in the cache is still done case insensitive, and the character case is re randomized on each resolver and DNS Client supporting this. As far as i've seen some client libraries are leaking the camel case back, which might cause problems. But that's a problem between the library and the application using it and can be fixed in both. dnsext-dns0x20 addresses recent spoofing problems on well connected resolvers since the source port randomization doesn't provide enough entropy for them and the attacks were already seen in the wild. If your client application is really asking in lowercase it still will get lowercase back. So you can ask for WwW.iSC.oRg and you will get an answer for WwW.iSC.oRg back with the same result as for www.isc.org or WWW.ISC.ORG. But if a library gets a query for www.isc.org from the application it's used by and is randomizing this e.g. to WwW.iSC.oRg it should hopefully return a result for www.isc.org again. Other behavior might break things. ;-) Kind regards Lars -- Lars Kollstedt Telefon: +49 6151 16-71027 E-Mail: l...@man-da.de man-da.de GmbH Dolivostraße 11 64293 Darmstadt Sitz der Gesellschaft: Darmstadt Amtsgericht Darmstadt, HRB 9484 Geschäftsführer: Andreas Ebert _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users