Re: DNS names, was Last Call on _openpgpkey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In message <20150924202858.GJ68642@xxxxxxxxxxxxxxx>, Andrew Sullivan writes:
> On Sat, Sep 12, 2015 at 08:18:49AM +1000, Mark Andrews wrote:
> > And the DNS is supposed to preserve the case of entered labels.
> 
> [â?¦]
> 
> > Later versions of BIND 9 do that to the RRset level and it would
> > be possible to do it to the RR level if needed.
> 
> I am not confident that doing it to the RR level would be a good idea
> in the DNS, and I'm not sure that the DNS protocol is sufficiently
> carefully described that making the distinction between RRs and the
> RRset in this way would be successfully interoperable.  Certainly,
> this is an area that's underspecified, so there's no way anyone should
> be building hopes (never mind a protocol) on top of distinctions
> between the RRset's and constituent RR's owner names.

Almost all nameservers are not compliant with RFC 1034 in this area.
The recent changes we made to named were to bring it more into line
with RFC 1034.  Full compliance would be preservation to the RR
level.  It would roughly be a extra bit per octet in the ownername
per additional RR storage as the information needs to be stored
somewhere.

RFC 1034
				      When you receive a domain name or
label, you should preserve its case.  The rationale for this choice is
that we may someday need to add full binary domain names for new
services; existing services would not be changed.

This is at the RR level as the concept of RRset didn't exist when
RFC 1034 was written.

Preserving the case is a matter of engineering the databases and
the data paths to support it (don't discard the case information)
and doing case sensitive compression when sending responses.  The
wire format supports both lossy and lossless compression.  It's
just a matter of picking the appropriate sequence of octets when
looking for compression pointer targets as you construct the DNS
message.  Fixing a nameserver to do this is not a overly big task
to someone familiar with the internals.  You get to the 90+% level
just by doing case sensitive compression and not using the question
name unless it is appropriate as a compression targt as most RRsets
consist of a single RR.

EDNS(1) could specify lossless compression required for all names
and is allowed for type A, B, C, D rdata where compression is
currently banned.  This wouldn't break DNSSEC.

Fixing this now would mean we could use it in 10 years time as the
non-compliant servers would almost all be gone.

> > possible to distingish between JoeSmith and joesmith if preservation
> > to the RR level is done for arbitary DNS data.
> 
> But we know perfectly well that the "case preserving but
> case-independent matching" has been interpreted in all sorts of
> different ways (some obviously wrong, but others different yet
> consistent with the RFCs).  So let's again please not depend on
> anything like this as part of any specification.
> 
> Best regards,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@xxxxxxxxxxxxxxxxxx
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]