  1. OpenDNSSEC
  2. OPENDNSSEC-694

Domain Names are mapped to lowercase

    Details

    • Type: Story
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.3.13
    • Fix Version/s: 2.1.0
    • Component/s: Signer
    • Environment:

      Any.

      Description

      When constructing RRSIGs, I suppose normalisation of character case to lowercase is needed to avoid being unable to validate a <domain-name> value in situations where case got mangled in a resolver. What ods-signer also does however, is write out the <domain-name> to the output zone file in all-lowercase, which is not in line with the intentions of DNS to preserve case as much as possible.

      I noticed this when signing a number of PTR records, but I assume it applies generally to all <domain-name> occurrences. From the RFCs below, I had not expected the mapping to lowercase, and I would argue that it is not in line with the intentions of DNS.

      The test data was:

      _kerberos.lowercase.ptrdemo.vanrein.org. 3600 IN PTR lowercase.vanrein.org.
      _kerberos.mixedcase.ptrdemo.vanrein.org. 3600 IN PTR MiXeDcAsE.VaNrEiN.OrG.
      _kerberos.uppercase.ptrdemo.vanrein.org. 3600 IN PTR UPPERCASE.VANREIN.ORG.

      STANDARDS TEXT

      Section 4.1 of RFC 4343:

      No "case conversion" or "case folding" is done
      during such output operations, thus "preserving" case. However, to
      optimize output, indirect labels may be used to point to names
      elsewhere in the DNS answer. In determining whether the name to be
      pointed to (for example, the QNAME) is the "same" as the remainder of
      the name being optimized, the case insensitive comparison specified
      above is done. Thus, such optimization may easily destroy the output
      preservation of case.

      Section 3.3 of RFC 1035:

      The following RR definitions are expected to occur, at least
      potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
      will be used in all classes, and have the same format in all classes.
      Because their RDATA format is known, all domain names in the RDATA
      section of these RRs may be compressed.

      <domain-name> is a domain name represented as a series of labels, and
      terminated by a label with zero length. <character-string> is a single
      length octet followed by that number of characters. <character-string>
      is treated as binary information, and can be up to 256 characters in
      length (including the length octet).

      [...]

      3.3.12. PTR RDATA format

      +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
      /                   PTRDNAME                    /
      +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

      where:

      PTRDNAME A <domain-name> which points to some location in the
      domain name space.
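
The distinction drawn in the description, as an added example (not OpenDNSSEC's code and not part of the original report): the lowercased form of a name is computed only as RRSIG signing input and for comparison, while the name written to the output zone keeps its original case. The function names are hypothetical, and names are assumed to be plain ASCII without backslash escapes.

```c
#include <stdio.h>
#include <string.h>

/* Encode an ASCII presentation-format name (no backslash escapes) as DNS wire
 * format. canonical != 0 lowercases A-Z, the form used as RRSIG signing input;
 * canonical == 0 preserves case, the form to write to the output zone.
 * Returns the wire length, or 0 on a malformed or oversized name. */
size_t name_to_wire(const char *name, unsigned char *out, size_t cap, int canonical)
{
    size_t n = 0;
    if (strcmp(name, ".") == 0) name++;            /* root name */
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        size_t need = n + 1 + len + 1;              /* label plus final root octet */
        if (len == 0 || len > 63 || need > cap || need > 255) return 0;
        out[n++] = (unsigned char)len;
        for (size_t i = 0; i < len; i++) {
            unsigned char c = (unsigned char)name[i];
            if (canonical && c >= 'A' && c <= 'Z') c = (unsigned char)(c - 'A' + 'a');
            out[n++] = c;
        }
        name += len + (dot ? 1 : 0);
    }
    if (n + 1 > cap) return 0;
    out[n++] = 0;
    return n;
}

/* Case-insensitive name equality (RFC 4343): compare the canonical forms. */
int same_name(const char *a, const char *b)
{
    unsigned char wa[255], wb[255];
    size_t la = name_to_wire(a, wa, sizeof wa, 1);
    size_t lb = name_to_wire(b, wb, sizeof wb, 1);
    return la != 0 && la == lb && memcmp(wa, wb, la) == 0;
}

int main(void)
{
    /* PTR targets taken from the test data in the report above */
    const char *t[] = { "lowercase.vanrein.org.", "MiXeDcAsE.VaNrEiN.OrG.", "UPPERCASE.VANREIN.ORG." };
    for (size_t i = 0; i < 3; i++) {
        unsigned char out[255], sig[255];
        size_t n = name_to_wire(t[i], out, sizeof out, 0);
        name_to_wire(t[i], sig, sizeof sig, 1);
        printf("%-23s output form %s signing form\n", t[i],
               memcmp(out, sig, n) ? "differs from" : "equals");
    }
    return 0;
}
```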

            People

            Assignee:
            hodar Hoda Rohani
            Reporter:
            vanrein Rick van Rein

                Time Tracking

                Estimated: Original Estimate - 2 hours
                Remaining: Remaining Estimate - 2 hours
                Logged: Time Spent - Not Specified