On Fri, Apr 6, 2018 at 11:10 AM, Dennis Jacobfeuerborn <[email protected]> wrote:

> On 04.04.2018 16:30, Tim Düsterhus wrote:
> > Dale,
> >
> > On 03.04.2018 at 16:17, Dale Smith wrote:
> >> I'm trying to understand what system is at fault here; the DNS server for
> >> not responding with the same case as the query, or HAProxy which should be
> >> performing a case insensitive match.
> >
> > This is left unspecified in the standards, but on the other hand there
> > is this Internet Draft:
> > https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00 which wants to
> > mandate case preservation to make DNS spoofing harder by introducing more
> > entropy in the DNS request.
> >
> > I recommend fixing your internal DNS server, because case preserving
> > behaviour seems to be somewhat expected according to a quick Google search.
>
> There is this:
>
> Domain Name System (DNS) Case Insensitivity Clarification:
> https://tools.ietf.org/html/rfc4343#section-3.1
>
> In section 3 it says this:
>
> 3. Name Lookup, Label Types, and CLASS
>
>    According to the original DNS design decision, comparisons on name
>    lookup for DNS queries should be case insensitive [STD13]. That is
>    to say, a lookup string octet with a value in the inclusive range
>    from 0x41 to 0x5A, the uppercase ASCII letters, MUST match the
>    identical value and also match the corresponding value in the
>    inclusive range from 0x61 to 0x7A, the lowercase ASCII letters. A
>    lookup string octet with a lowercase ASCII letter value MUST
>    similarly match the identical value and also match the corresponding
>    value in the uppercase ASCII letter range.
>
>    (Historical note: The terms "uppercase" and "lowercase" were invented
>    after movable type. The terms originally referred to the two font
>    trays for storing, in partitioned areas, the different physical type
>    elements. Before movable type, the nearest equivalent terms were
>    "majuscule" and "minuscule".)
>
> This reads to me like HAProxy should match characters in the ranges 0x41
> to 0x5A and 0x61 to 0x7A insensitively as long as the label type is ASCII.
>
> Section 4.1 "DNS Output Case Preservation" mentions this: "No "case
> conversion" or "case folding" is done during such output operations,
> thus "preserving" case."
>
> Regards,
> Dennis
>

Hi All,

Let me ask our friends at PowerDNS for some advice :)

Baptiste
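
The comparison rule quoted from RFC 4343 section 3 in the thread above, as an added example that is not part of the original messages and is not HAProxy's code: a resolver-side check that the name in a response matches the name in the query even when a server returns it in different case. The names `dns_fold` and `dns_name_equal` and the sample buffers are hypothetical; names are assumed to be uncompressed wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fold one octet per RFC 4343: only 0x41..0x5A map onto 0x61..0x7A.
 * Locale-dependent tolower() is deliberately not used. */
static uint8_t dns_fold(uint8_t c)
{
    return (c >= 0x41 && c <= 0x5A) ? (uint8_t)(c + 0x20) : c;
}

/* Compare two uncompressed wire-format names (length-prefixed labels ending
 * in the zero-length root label). Returns 1 match, 0 mismatch, -1 malformed. */
int dns_name_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    size_t i = 0, j = 0;
    for (;;) {
        if (i >= alen || j >= blen)
            return -1;                 /* ran off the buffer before the root label */
        uint8_t la = a[i++], lb = b[j++];
        if (la > 63 || lb > 63)
            return -1;                 /* compression pointer or invalid length */
        if (la != lb)
            return 0;                  /* length octets are compared exactly */
        if (la == 0)
            return 1;                  /* both names reached the root label */
        if (la > alen - i || lb > blen - j)
            return -1;                 /* label overruns its buffer */
        for (uint8_t k = 0; k < la; k++)
            if (dns_fold(a[i + k]) != dns_fold(b[j + k]))
                return 0;
        i += la;
        j += lb;
    }
}

/* Constructed samples: mixed-case query, lowercased answer, a look-alike,
 * a truncated name, and two octets 0x20 apart that are not letters. */
static const uint8_t q_name[] = {3,'w','W','w',7,'E','x','A','m','P','l','E',3,'c','O','m',0};
static const uint8_t r_name[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0};
static const uint8_t other[]  = {3,'w','w','w',7,'e','x','a','m','p','1','e',3,'c','o','m',0};
static const uint8_t trunc[]  = {3,'w','w','w',7,'e','x'};
static const uint8_t br_sq[]  = {1,0x5B,0}, br_cu[] = {1,0x7B,0};

int main(void)
{
    printf("%d\n", dns_name_equal(q_name, sizeof q_name, r_name, sizeof r_name));
    return 0;
}
```

The fold applies only to label content, so the response name can still be stored and emitted byte-for-byte as received, in line with the output case preservation quoted from section 4.1.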

