12 Dub
2016
12 Dub
'16
11:16
Hello Gert,
On 6.4.2016 23:25, Gert Doering wrote:
Well, protocol-wise, you're right. But this is
about user expectations -
whether it's a SQL server, LDAP, or DNS, in the end it's a lookup service
that is there to serve what the user put in there, and shouldn't modify
it.
We had a really long discussions about this topic.
Domain name handling in DNS is just mess. Some of the names can be
compressed. Some can't be compressed. And some even can be only
decompressed but not compressed (because of legacy code). And it's
similarly complicated for letter-case preservation. The names are
treated case-insensitively, however the case has to be still preserved
in some situations. For instance in RDATA of some (just some) record
types. That is needed for DNSSEC.
One thing is performance. Another thing is security. We just decided to
sanitize the data coming into the server. Zone files, zone transfers,
dynamic updates, ... everywhere. It's much easier to work with
normalized inputs. We just know what to expect. And we don't have to
handle the exceptions whenever we touch the data.
We've put a lot of effort into testing this. And we are pretty sure that
our implementation is compliant, fast, and secure.
I understand your concern. And I'm sorry, but we won't change this.
Cheers,
Jan