Case-Insensitive Response Compression May Cause Problems With Mixed-Case Data and Non-Conforming Clients

Mark Andrews marka at isc.org
Sun Feb 9 22:34:21 UTC 2014


Named is not yet fully case preserving.  Owner names are stored based on
first use of the name in the database (zone or cache) when the red black
tree is created.  We need to extend the database to record the case used
in the owner name.  The are two obvious ways to do this.

	1) record the complete owner name with the rdata.
	2) record a bit vector that contains the case bit (0x20)
	   of each character in the owner name.

A third scheme may be 'all upper', 'all lower', mixed + bit vector for each
label.

Which one is used will be a trade off of space vs cpu.

What should be true now is that the case of domain names in the
rdata is full preserved.

Mark

In message <alpine.LSU.2.00.1402071428230.15645 at hermes-1.csi.cam.ac.uk>, Tony F
inch writes:
> I have been testing this and I have found some interesting behaviour
> related to negative cacheing and empty non-terminals.
> 
> If I query for a name in upper case, and there is no answer, the negative
> cache entry is stored in upper case. If I later query for a different type
> at the same name and get a positive answer all in lower case, the initial
> answer is lower case, but subsequent answers returned from the cache have
> some upper case labels.
> 
> My test server is running 9.10.0a1 and for this test the relevant part of
> the config is:
> 
> 	view rec {
> 		match-recursive-only yes;
> 		zone cam.ac.uk {
> 			type static-stub;
> 			server-addresses { ::1; };
> 		};
> 	};
> 	view auth {
> 		recursion no;
> 		allow-recursion { none; };
> 		zone cam.ac.uk {
> 			type slave;
> 			masters { ucam; };
> 	};
> 
> Here's a transcript of a shell session illustrating the oddity.
> 
> $ rndc flush
> $ # create a negative cache entry with upper case labels
> $ dig _kerberos._udp.UXSUP.CSI.CAM.AC.UK
> 
> ; <<>> DiG 9.10.0a1 <<>> _kerberos._udp.UXSUP.CSI.CAM.AC.UK
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52286
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_kerberos._udp.UXSUP.CSI.CAM.AC.UK. IN A
> 
> ;; AUTHORITY SECTION:
> cam.ac.uk.              10800   IN      SOA     authdns0.csx.cam.ac.uk. hostm
> aster.ucs.cam.ac.uk. 1391763551 14400 3600 604800 14400
> 
> ;; Query time: 890 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Fri Feb 07 14:38:11 GMT 2014
> ;; MSG SIZE  rcvd: 136
> 
> $ # get a positive answer in lower case
> $ dig _kerberos._udp.UXSUP.CSI.CAM.AC.UK srv
> 
> ; <<>> DiG 9.10.0a1 <<>> _kerberos._udp.UXSUP.CSI.CAM.AC.UK srv
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27438
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_kerberos._udp.UXSUP.CSI.CAM.AC.UK. IN SRV
> 
> ;; ANSWER SECTION:
> _kerberos._udp.uxsup.csi.cam.ac.uk. 86400 IN SRV 0 0 88 ghast.csi.cam.ac.uk.
> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Fri Feb 07 14:38:14 GMT 2014
> ;; MSG SIZE  rcvd: 136
> 
> $ # get a positive answer from the cache with mixed case
> $ dig _kerberos._udp.UXSUP.CSI.CAM.AC.UK srv
> 
> ; <<>> DiG 9.10.0a1 <<>> _kerberos._udp.UXSUP.CSI.CAM.AC.UK srv
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44019
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_kerberos._udp.UXSUP.CSI.CAM.AC.UK. IN SRV
> 
> ;; ANSWER SECTION:
> _kerberos._udp.UXSUP.CSI.cam.ac.uk. 86398 IN SRV 0 0 88 ghast.csi.cam.ac.uk.
> 
> ;; Query time: 0 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Fri Feb 07 14:38:16 GMT 2014
> ;; MSG SIZE  rcvd: 136
> 
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
> _______________________________________________
> bind-workers mailing list
> bind-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-workers
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org


More information about the bind-workers mailing list