response case in-sensitivity?

Chris Thompson cet1 at cam.ac.uk
Thu Jul 30 15:09:29 UTC 2015


On Jul 30 2015, Barry Margolin wrote:

>In article <mailman.2375.1438232213.26362.bind-users at lists.isc.org>,
> Mark Andrews <marka at isc.org> wrote:
[... snip ...] 
>> Then iOS (or the application) is broken.  Domain names should always
>> be compared case insensitively.  Please report a bug to the app
>> vendor and / or Apple.
>
>Isn't this the DNS 0x20 security enhancement? Clients send a random mix 
>of case, and check that the response matches, to protect against spoofed 
>responses.
>
>https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00

You must distinguish between the copy of the query in the reply packet,
which BIND (like nearly all implementations) does copy exactly from the
query, and the owner field used in the answer section, which recent
versions of BIND make the same as that loaded from zone file (when
authoritative), or as received from an authoritative nameserver (when
from the cache).

-- 
Chris Thompson
Email: cet1 at cam.ac.uk





More information about the bind-users mailing list