Niall O'Reilly
2015-Oct-09 13:48 UTC
[nsd-users] NSD answer apparently depends on case-pattern of question
On Fri, 09 Oct 2015 13:14:59 +0100, Niall O'Reilly wrote:> > On Fri, 09 Oct 2015 09:07:55 +0100, > Fredrik Pettai wrote: > > > > It?s not a bug, it?s a feature :) > > I'm not convinced.Hmm. After reading RFC4343 (which seems to limit consideration to owner names and exclude RDATA) and https://kb.isc.org/article/AA-01113/0/Case-Insensitive-Response-Compression-May-Cause-Problems-With-Mixed-Case-Data-and-Non-Conforming-Clients.html, I can see that this is more arguable either way than I appreciated at first. Either NSD is behaving too loosely, or Zonemaster too strictly. I look forward to consistency between them in the near future. Best regards, Niall
Sandoche Balakrichenan
2015-Oct-09 13:55 UTC
[nsd-users] [New-dnscheck] NSD answer apparently depends on case-pattern of question
On 10/09/2015 03:48 PM, Niall O'Reilly wrote:> On Fri, 09 Oct 2015 13:14:59 +0100, > Niall O'Reilly wrote: >> On Fri, 09 Oct 2015 09:07:55 +0100, >> Fredrik Pettai wrote: >>> It?s not a bug, it?s a feature :) >> I'm not convinced. > Hmm. > > After reading RFC4343 (which seems to limit consideration to owner > names and exclude RDATA) and > https://kb.isc.org/article/AA-01113/0/Case-Insensitive-Response-Compression-May-Cause-Problems-With-Mixed-Case-Data-and-Non-Conforming-Clients.html, > I can see that this is more arguable either way than I appreciated > at first. > > Either NSD is behaving too loosely, or Zonemaster too strictly. > I look forward to consistency between them in the near future. > >==> It has been fixed in ZM. If you make a pull request of the last version of the engine (https://github.com/dotse/zonemaster-engine) and test with the CLI (https://github.com/dotse/zonemaster-cli), you may find the difference. *The ZM GUI still needs to be updated with the latest fix in the engine.* _*Before the Fix : *_ zonemaster-cli afnic.fr Seconds Level Message ======= ========= ====== 21.47 WARNING When asked for SOA records on "WwW.Afnic.Fr" and "WwW.AFnIc.Fr", nameserver ns2.nic.fr/192.93.0.4 returns different answers. 21.47 WARNING When asked for SOA records on "WwW.Afnic.Fr" and "WwW.AFnIc.Fr", nameserver ns2.nic.fr/2001:660:3005:1::1:2 returns different answers. 21.49 ERROR When asked for SOA records on "www.afnic.fr" with different cases, all servers do not reply consistently. 21.59 NOTICE SOA 'mname' nameserver (dnsmaster.nic.fr) is not listed in "parent" NS records for tested zone (ns1.nic.fr;ns2.nic.fr;ns3.nic.fr). 21.59 NOTICE SOA 'refresh' value (7200) is less than the recommended minimum (14400). 21.60 NOTICE SOA 'retry' value (1800) is less than the recommended minimum (3600). _*After the Fix: *_zonemaster-cli afnic.fr Seconds Level Message ======= ========= ====== 21.57 NOTICE SOA 'mname' nameserver (dnsmaster.nic.fr) is not listed in "parent" NS records for tested zone (ns1.nic.fr;ns2.nic.fr;ns3.nic.fr). 21.57 NOTICE SOA 'refresh' value (7200) is less than the recommended minimum (14400). 21.57 NOTICE SOA 'retry' value (1800) is less than the recommended minimum (3600)._* *_ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20151009/9512c540/attachment.htm>