Peculiar DNS queries

Lars Kollstedt lk at
Mon Dec 23 09:49:47 UTC 2019

Hi Fred,

On Montag, 23. Dezember 2019 01:08:54 CET Fred Morris wrote:
> but in cache e.g. matches ISC.ORG or isc.ORG, or
> hopefully you get the idea.

Thats expected behavior. And has IMHO something to do with 

and the elder DNS RFCs not with dnsext-dns0x20 but the implementations of the 
case insensitivity in the public DNS were much older.

The dnsext-dns0x20 uses the previously present behavior of many 
implementations to echo back the character case of the request in the reply 
but matching case insensitive. If it gets anything else and no DNS Cookie back 
the resolver will wait a short while  for a better matching answer, and then 
give the non matching back. That's at least my reading of this. The matching 
in the cache is still done case insensitive, and the character case is re 
randomized on each resolver and DNS Client supporting this.

As far as i've seen some client libraries are leaking the camel case back, 
which might cause problems. But that's a problem between the library and the 
application using it and can be fixed in both.

dnsext-dns0x20 addresses recent spoofing problems on well connected resolvers 
since the source port randomization doesn't provide enough entropy for them 
and the attacks were already seen in the wild.

If your client application is really asking in lowercase it still will get 
lowercase back.

So you can ask for WwW.iSC.oRg and you will get an answer for WwW.iSC.oRg back 
with the same result as for or WWW.ISC.ORG.
But if a library gets a query for from the application it's used 
by and is randomizing this e.g. to WwW.iSC.oRg it should hopefully return a 
result for again. Other behavior might break things. ;-)

Kind regards

Lars Kollstedt

Telefon: +49 6151 16-71027
E-Mail:  lk at GmbH
Dolivostraße 11
64293 Darmstadt

Sitz der Gesellschaft: Darmstadt
Amtsgericht Darmstadt, HRB 9484
Geschäftsführer: Andreas Ebert

More information about the bind-users mailing list