On 04.04.2018 16:30, Tim Düsterhus wrote: > Dale, > > Am 03.04.2018 um 16:17 schrieb Dale Smith: >> I'm trying to understand what system is at fault here; the DNS server for >> not responding with the same case as the query, or HAProxy which >> should be >> performing a case insensitive match. > > This is left unspecified in the standards, but on the other hand there > is this Internet Draft: > https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 which wants to > mandate case preserval to make DNS spoofing harder by introducing more > entropy in the DNS request. > > I recommend to fix your internal DNS server, because case preserving > behaviour seems to be somewhat expected according to a quick Google search.
There is this: Domain Name System (DNS) Case Insensitivity Clarification: https://tools.ietf.org/html/rfc4343#section-3.1 In section 3 it says this: 3. Name Lookup, Label Types, and CLASS According to the original DNS design decision, comparisons on name lookup for DNS queries should be case insensitive [STD13]. That is to say, a lookup string octet with a value in the inclusive range from 0x41 to 0x5A, the uppercase ASCII letters, MUST match the identical value and also match the corresponding value in the inclusive range from 0x61 to 0x7A, the lowercase ASCII letters. A lookup string octet with a lowercase ASCII letter value MUST similarly match the identical value and also match the corresponding value in the uppercase ASCII letter range. (Historical note: The terms "uppercase" and "lowercase" were invented after movable type. The terms originally referred to the two font trays for storing, in partitioned areas, the different physical type elements. Before movable type, the nearest equivalent terms were "majuscule" and "minuscule".) This reads to me like HAProxy should match characters in the ranges 0x41 to 0x5A and 0x61 to 0x7A insensitively as long as the label type is ASCII. Section 4.1 "DNS Output Case Preservation" mentions this: "No "case conversion" or "case folding" is done during such output operations, thus "preserving" case." Regrads, Dennis