pdns icon indicating copy to clipboard operation
pdns copied to clipboard

Published 20 hours ago verified publisher icon PowerDNS

auth: pipebackend does not lowercase queries

Open Habbie opened this issue 3 years ago • 3 comments
trafficstars

pdns/pdns_server --socket-dir=. --local-port=5300 --launch=pipe --pipe-abi-version=5 --pipe-command=./modules/pipebackend/backend-v5.pl --zone-cache-refresh-interval=0

Good:

$ dig a www.example.com @1270.1 -p 5300

; <<>> DiG 9.16.22-Debian <<>> a www.example.com @127.0.0.1 -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35359
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	3600	IN	CNAME	webserver.example.com.
webserver.example.com.	3600	IN	A	1.2.3.5
webserver.example.com.	3600	IN	A	1.2.3.4
webserver.example.com.	3600	IN	A	1.2.3.6

;; Query time: 8 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Tue Jan 25 17:41:37 CET 2022
;; MSG SIZE  rcvd: 116

Bad:

$ dig a wWw.example.com @127.0.0.1 -p 5300

; <<>> DiG 9.16.22-Debian <<>> a wWw.example.com @127.0.0.1 -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8731
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;wWw.example.com.		IN	A

;; AUTHORITY SECTION:
example.com.		3600	IN	SOA	ahu.example.com. ns1.example.com. 2008080300 1800 3600 604800 3600

;; Query time: 8 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Tue Jan 25 17:41:41 CET 2022
;; MSG SIZE  rcvd: 88

Reference: https://lists.nlnetlabs.nl/pipermail/unbound-users/2021-December/007602.html

The fix mentioned there (lowercase in the backend script) works, but I think it would be more helpful if pdns did the lowercasing.

Habbie avatar Jan 25 '22 16:01 Habbie

We should check what remotebackend does too.

Habbie avatar Jan 25 '22 16:01 Habbie

I think it would be more helpful if pdns did the lowercasing.

Yeah, implementing the same logic in each backend is not a good idea.

zeha avatar Jan 26 '22 08:01 zeha

Some backend implementations are actually using the case sensitive version of the query.

mind04 avatar Jan 26 '22 09:01 mind04

Some backend implementations are actually using the case sensitive version of the query.

oh no

Habbie avatar Jan 23 '24 20:01 Habbie