Subject: zone_name case-sensitivity preferred for dns response
Date: Fri, 10 Oct 2014 14:43:03 +0200
To: bind9-bugs@isc.org
From: Daniel Stirnimann <daniel.stirnimann@switch.ch>

Hello

We found out that case-sensitivity from the zone_name in a zone
statement is preferred over what is defined in the zone itself.

Example zone_name with upper-case ORG.:

zone "example.ORG." {
    type master;
    masterfile-format text;
    file "example.org/zone.publish";
};

Whereas the zone example.org. only contains lower case letters:

cat zone.publish (example.org)
example.org. 86400 IN SOA scsnms.switch.ch. dns-operation.switch.ch. 2014101000 28800 7200 604800 1800
example.org. 86400 IN NS ns2.switch.ch.
example.org. 86400 IN NS scsnms.switch.ch.

The authoritative name server (running BIND 9.9.5) response now contains
"example.ORG." in the authority response.
dig @bamus.switch.ch example.org
; <<>> DiG 9.8.3-P1 <<>> @bamus.switch.ch example.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43089
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.org. IN A
;; AUTHORITY SECTION:
example.ORG. 1800 IN SOA scsnms.switch.ch. dns-operation.switch.ch. 2014101000 28800 7200 604800 1800
;; Query time: 9 msec
;; SERVER: 2001:620::8:5054:ff:fef6:d929#53(2001:620::8:5054:ff:fef6:d929)
;; WHEN: Fri Oct 10 14:27:51 2014
;; MSG SIZE rcvd: 106

I think this is a bug. I guess this response is due to the change in
case-sensitive response compression, https://kb.isc.org/article/AA-01113,
introduced in BIND 9.9.5.
However, in my opinion, BIND should not preserve its case from the
zone_name clause but only from the zone itself.

We ran into this problem for the TLD .ch as one of the secondary name
servers had the zone_name clause in upper case. While this is perfectly
legal and no harm is caused by this, some misbehaving client devices
noticed this, which is why we found out about it. Of course, we have sent
bug reports to the misbehaving client devices. On the other hand, we
also think that the behavior of BIND in preferring the case of the
zone_name clause above the name defined in the zone is wrong.

Thank you,
Daniel
--
SWITCH
Daniel Stirnimann, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 24
daniel.stirnimann@switch.ch, http://www.switch.ch
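
An operator-side check for the situation reported above, as an added example that is not part of the original message and is not BIND code: it lists zone statements whose zone_name differs only in letter case from the SOA owner name in the zone file. The function names, the second sample zone and the dict of zone file contents are hypothetical; it assumes the SOA owner is written fully qualified, as in the report.

```python
import re

# Constructed sample input modelled on the configuration quoted in the report.
NAMED_CONF = '''
zone "example.ORG." {
    type master;
    masterfile-format text;
    file "example.org/zone.publish";
};
zone "example.net." {
    type master;
    file "example.net/zone.publish";
};
'''
# Constructed zone file contents, keyed by the path in the "file" option.
ZONE_FILES = {
    "example.org/zone.publish":
        "example.org. 86400 IN SOA scsnms.switch.ch. dns-operation.switch.ch. "
        "2014101000 28800 7200 604800 1800\n"
        "example.org. 86400 IN NS ns2.switch.ch.\n",
    "example.net/zone.publish":
        "example.net. 86400 IN SOA ns.example.net. hostmaster.example.net. "
        "1 28800 7200 604800 1800\n",
}

# zone "name" [class] { ... };  with at most one level of nested braces
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"(?:\s+\w+)?\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"\s*;')
# Owner name of the SOA record; TTL and class are optional in zone files.
SOA_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SOA\b', re.M | re.I)

def fqdn(name):
    """Return the name with a trailing dot so both sides compare alike."""
    return name if name.endswith(".") else name + "."

def case_mismatches(conf_text, zone_files):
    """List (zone_name, soa_owner, file) where the names differ only in case."""
    findings = []
    for zone_name, body in ZONE_RE.findall(conf_text):
        path = FILE_RE.search(body)
        soa = path and SOA_RE.search(zone_files.get(path.group(1), ""))
        if not soa:
            continue
        conf_name, soa_owner = fqdn(zone_name), fqdn(soa.group(1))
        # DNS names compare case-insensitively, so only the spelling differs.
        if conf_name.lower() == soa_owner.lower() and conf_name != soa_owner:
            findings.append((zone_name, soa.group(1), path.group(1)))
    return findings
```
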