response case in-sensitivity?

Chris Thompson cet1 at
Thu Jul 30 15:09:29 UTC 2015

On Jul 30 2015, Barry Margolin wrote:

>In article <mailman.2375.1438232213.26362.bind-users at>,
> Mark Andrews <marka at> wrote:
[... snip ...] 
>> Then iOS (or the application) is broken.  Domain names should always
>> be compared case insensitively.  Please report a bug to the app
>> vendor and / or Apple.
>Isn't this the DNS 0x20 security enhancement? Clients send a random mix 
>of case, and check that the response matches, to protect against spoofed 

You must distinguish between the copy of the query in the reply packet,
which BIND (like nearly all implementations) does copy exactly from the
query, and the owner field used in the answer section, which recent
versions of BIND make the same as that loaded from zone file (when
authoritative), or as received from an authoritative nameserver (when
from the cache).

Chris Thompson
Email: cet1 at

More information about the bind-users mailing list