BIND releases beginning with BIND 9.9.5, 9.8.7, and 9.6-ESV-R11 include a fix which we would like to highlight for your attention, as one customer has experienced an operational issue as a result of what might look, from the notes, like a completely innocuous change:
3645. [protocol] Use case sensitive compression when responding to queries. [RT #34737]
This change was made to bring BIND
into compliance with RFC 1034, which states:
By convention, domain names can be stored with arbitrary case, but domain name comparisons for all present domain functions are done in a case-insensitive manner, assuming an ASCII character set, and a high order zero bit. This means that you are free to create a node with label "A" or a node with label "a", but not both as brothers; you could refer to either using "a" or "A".
When you receive a domain name or label, you should preserve its case.
Change #3645 was present in the precursor development releases for 9.9.5 et al but we received no reports of problems during the alpha and beta test periods. We still believe the change is correct in terms of compliance with the RFC, and BIND
has been performing case-preserving compression for zone transfers for years without issue -- this change affects the data returned by regular queries -- however, we have learned of a case where a customer whose DNS
data included both upper-case and lower-case representations of identical names experienced operational problems with client appliance devices that did not correctly implement the corresponding part of the paragraph above; that is, that domain name comparisons be done in a case-insensitive manner.
Case was not previously being preserved by the server when compression was being used and as a result change #3645 had the effect in this customer's environment of causing a different reply to be returned by BIND
9.9.5 et al. In conjunction with the case-sensitivity of the misbehaving client devices, an operational issue was created by this mismatch. Operators encountering similar issues should be able to correct them by providing the exact case expected by client devices in their zone data (both in the domain names themselves and in references to those names in records of type NS, MX, SRV, CNAME, and other record types which use a domain name as their data.)
Currently ISC are assessing whether the impact of this change justifies further measures or whether the change in BIND
should stand as written. One key piece of information that would inform our decision is an estimate of the frequency of operational problems that might be caused by this change. So far we have no clear cues how to estimate that frequency based on our single report received. You can aid us by informing us of any issues encountered that you believe are related to this change in case preservation. Please send reports to email@example.com
© 2001-2017 Internet Systems ConsortiumFor assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.