--- Begin Message ---
On 29/07/2023 23.20, Puneet Sood via dns-operations wrote:
The worst are the small number that return NXDOMAIN for the queries or timeout.
Those are clear protocol violation, as the names are case insensitive
from the very beginning (RFC 1034 + 1035), regardless of deploying the
0x20 draft. I'll be glad if they start failing on 8.8.8.8 now, hoping
that would put sufficient pressure on such cases.
However, relying on receiving the same case is more difficult, as AFAIK
no RFC implies that the cases in QNAME need to match. But yes, that TCP
fallback is a nice workaround for those uncommon cases, so it doesn't
matter really. We've used it in Knot Resolver's implementation for
years, as case randomization is default there.
(Of course, nowadays I'd ideally focus on more secure anti-spoofing
techniques like DNSSEC...)
--Vladimir
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
