search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.69k stars 906 forks source link

auth: pipebackend does not lowercase queries #11236

Open Habbie opened 2 years ago

Habbie commented 2 years ago

pdns/pdns_server --socket-dir=. --local-port=5300 --launch=pipe --pipe-abi-version=5 --pipe-command=./modules/pipebackend/backend-v5.pl --zone-cache-refresh-interval=0

Good:

$ dig a www.example.com @1270.1 -p 5300

; <<>> DiG 9.16.22-Debian <<>> a www.example.com @127.0.0.1 -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35359
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.example.com.       IN  A

;; ANSWER SECTION:
www.example.com.    3600    IN  CNAME   webserver.example.com.
webserver.example.com.  3600    IN  A   1.2.3.5
webserver.example.com.  3600    IN  A   1.2.3.4
webserver.example.com.  3600    IN  A   1.2.3.6

;; Query time: 8 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Tue Jan 25 17:41:37 CET 2022
;; MSG SIZE  rcvd: 116

Bad:

$ dig a wWw.example.com @127.0.0.1 -p 5300

; <<>> DiG 9.16.22-Debian <<>> a wWw.example.com @127.0.0.1 -p 5300
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8731
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;wWw.example.com.       IN  A

;; AUTHORITY SECTION:
example.com.        3600    IN  SOA ahu.example.com. ns1.example.com. 2008080300 1800 3600 604800 3600

;; Query time: 8 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Tue Jan 25 17:41:41 CET 2022
;; MSG SIZE  rcvd: 88

Reference: https://lists.nlnetlabs.nl/pipermail/unbound-users/2021-December/007602.html

The fix mentioned there (lowercase in the backend script) works, but I think it would be more helpful if pdns did the lowercasing.

Habbie commented 2 years ago

We should check what remotebackend does too.

zeha commented 2 years ago

I think it would be more helpful if pdns did the lowercasing.

Yeah, implementing the same logic in each backend is not a good idea.

mind04 commented 2 years ago

Some backend implementations are actually using the case sensitive version of the query.

Habbie commented 9 months ago

Some backend implementations are actually using the case sensitive version of the query.

oh no