In message <20150924202858.GJ68642@xxxxxxxxxxxxxxx>, Andrew Sullivan writes:
> On Sat, Sep 12, 2015 at 08:18:49AM +1000, Mark Andrews wrote:
> > And the DNS is supposed to preserve the case of entered labels.
>
> […]
>
> > Later versions of BIND 9 do that to the RRset level and it would
> > be possible to do it to the RR level if needed.
>
> I am not confident that doing it to the RR level would be a good idea
> in the DNS, and I'm not sure that the DNS protocol is sufficiently
> carefully described that making the distinction between RRs and the
> RRset in this way would be successfully interoperable. Certainly,
> this is an area that's underspecified, so there's no way anyone should
> be building hopes (never mind a protocol) on top of distinctions
> between the RRset's and constituent RR's owner names.

Almost all nameservers are not compliant with RFC 1034 in this area.
The recent changes we made to named were to bring it more into line
with RFC 1034. Full compliance would be preservation to the RR level.
It would roughly be an extra bit per octet in the ownername per
additional RR storage as the information needs to be stored somewhere.

RFC 1034

   When you receive a domain name or label, you should preserve its case.
   The rationale for this choice is that we may someday need to add full
   binary domain names for new services; existing services would not be
   changed.

This is at the RR level as the concept of RRset didn't exist when
RFC 1034 was written.

Preserving the case is a matter of engineering the databases and
the data paths to support it (don't discard the case information)
and doing case sensitive compression when sending responses. The
wire format supports both lossy and lossless compression. It's
just a matter of picking the appropriate sequence of octets when
looking for compression pointer targets as you construct the DNS
message.

Fixing a nameserver to do this is not an overly big task to someone
familiar with the internals.

You get to the 90+% level just by doing case sensitive compression
and not using the question name unless it is appropriate as a
compression target as most RRsets consist of a single RR.

EDNS(1) could specify lossless compression required for all names
and is allowed for type A, B, C, D rdata where compression is
currently banned. This wouldn't break DNSSEC.

Fixing this now would mean we could use it in 10 years time as the
non-compliant servers would almost all be gone.

> > possible to distinguish between JoeSmith and joesmith if preservation
> > to the RR level is done for arbitrary DNS data.
>
> But we know perfectly well that the "case preserving but
> case-independent matching" has been interpreted in all sorts of
> different ways (some obviously wrong, but others different yet
> consistent with the RFCs). So let's again please not depend on
> anything like this as part of any specification.
>
> Best regards,
>
> A
>
> --
> Andrew Sullivan
> ajs@xxxxxxxxxxxxxxxxxx
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
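
The difference between lossy and lossless compression that the message describes, as an added example that is not part of the original message and is not BIND code: a minimal RFC 1035 name compressor that picks pointer targets either case-insensitively or by exact octets, plus a decoder with a pointer hop limit. The function names and the three sample names are assumptions constructed for illustration; the first name plays the role of the question name.

```python
# Added illustration; names are constructed sample data.
def encode_names(names, case_sensitive):
    """Pack names back to back, compressing with RFC 1035 pointers.
    Returns (buffer, start offset of each name)."""
    buf, starts, targets = bytearray(), [], {}   # targets: suffix -> offset
    for name in names:
        starts.append(len(buf))
        labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
        for i, label in enumerate(labels):
            suffix = tuple(labels[i:])
            # Lossy mode folds case before looking for a pointer target.
            key = suffix if case_sensitive else tuple(l.lower() for l in suffix)
            if key in targets:
                off = targets[key]
                buf += bytes([0xC0 | (off >> 8), off & 0xFF])
                break
            if len(buf) < 0x4000:                # pointer offsets are 14 bits
                targets[key] = len(buf)
            buf += bytes([len(label)]) + label
        else:
            buf.append(0)                        # no pointer used: root label
    return bytes(buf), starts

def decode_name(buf, off):
    """Expand the name at off, following pointers with a hop limit."""
    labels, hops = [], 0
    while buf[off] != 0:
        n = buf[off]
        if n & 0xC0 == 0xC0:
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = ((n & 0x3F) << 8) | buf[off + 1]
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return ".".join(labels) + "."

def roundtrip(names, case_sensitive):
    """Encode, then decode every name; returns (wire size, decoded names)."""
    buf, starts = encode_names(names, case_sensitive)
    return len(buf), [decode_name(buf, s) for s in starts]

NAMES = ["joesmith.example.com.", "JoeSmith.example.com.", "JOESMITH.Example.COM."]

if __name__ == "__main__":
    print("lossy   :", roundtrip(NAMES, case_sensitive=False))
    print("lossless:", roundtrip(NAMES, case_sensitive=True))
```

With case folding, every later owner name collapses to a pointer at the first name and decodes with that name's case; with exact-octet matching, only suffixes whose case already matches are reused, so the encoding is larger but each name round-trips unchanged.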