[rbldnsd] I HATE BIND - please help

Chris. cth at fastmail.ca
Fri Mar 7 19:39:41 MSK 2008 

On Fri, 07 Mar 2008 11:29:55 +0300, Michael Tokarev wrote...

> Chris. wrote:
> []
>> Fact is: .COM != .com
>> Meaning: the RBLDNSD appears to always use lowercase. Even
>> though the config/zone claimed .COM; the BIND claimed .COM;
>> the RBLDNSD speaks on .com - /not/ .COM. I read an RFC on
>> this very subject, but can't recall the number. Anyway,
>> best practice with the RBLDNSD; use lowercase.
> 
> This is a bug.
> 
> yes rbldnsd "prefers" everything in lower case, but that's
> just because it lowercases everything, or, rather, is supposed
> to.
> 
> The only place where it is NOT done is while parsing the command
> line - generating list of zones to serve.  I just forgot to
> lowercase the whole thing.
> 
> The fix (one-line patch) is below.
> 
> Index: rbldnsd_zones.c
> ===================================================================
> RCS file: /ws/CVS/rbldnsd/rbldnsd_zones.c,v
> retrieving revision 1.75
> diff -u -r1.75 rbldnsd_zones.c
> --- rbldnsd_zones.c	16 Nov 2007 17:52:15 -0000	1.75
> +++ rbldnsd_zones.c	7 Mar 2008 08:28:31 -0000
> @@ -133,6 +133,7 @@
> dnlen = dns_ptodn(name, dn, sizeof(dn));
> if (!dnlen)
> error(0, "invalid domain name `%.80s'", name);
> +  dns_dntol(dn, dn);
> 
> p = estrdup(p+1);
> ds = newdataset(p);
> 
> 
> Now I'm really curious why it took so many years to find
> the damn thing...

Its likely because the BIND version 9.4 introduced some additional
"laziness" into it's scheme. That's why the answer wasn't more evident
to me earlier. I was attempting to migrate a working config/setup into
the server I ultimately wanted the RBLDNSD to live. The only notable
difference between the two, as it turns out, is the version of the
BIND - 9.3x vs 9.4x. I guess it's probably safe to say that
"lowercaseness" crept into version 9.4.

So why on earth do I care, or use, UPPERcase anyway? I find it
alot easier to visually parse log files. Especially given that
I have somedomain.com, somedomain.net, and somedomain.org. If
I'm working alot with a particular domain, if I use uppercasement
on the the rightmost portion. It's easier to find the references
in any of the logs I need to read. This is especially true when
I'm trying to debug something - like the RBLDNSD, for example. :)

Case sensitivity can frequently be important with the DNS. For
example, email addresses. Sure, you could argue that that
should be handled at an application level. But still, you /should/
be able to count on receiving what you send - it is important.
LDAP is another case. Intelligent OS's, and near all modern OS's
have case sensitive file systems. Like the DNS, they are composed
of nodes - they are both "tree like", descending from their root.
So why doesn't the DNS (the BIND) remain cAsE sEnSiTiVe? Laziness!
That's why. Frankly, I think their missing the boat here. I mean,
think about it - what if the DNS /enforced/ case sensitivity.
Then they could sell somedomain.com, SOMEDOMAIN.COM, and even,
SoMeDoMaIn.CoM - really. Sheesh. They've screwed themselves
out of /billions/ of dollars. What idiots!
 Anyway, speaking of case sensitive DNS's. I've been working
alot on UNBOUND
- http://www.nominum.com/info_center/dns_dhcp/index.php
- http://www.unbound.net/documentation/index.html
- http://www.rfc.se/unbound/prototype-resolver.html
I'm making it quite a bit more powerful (authoritive).
Nominum started, and wrote most of the base of what's now
available for use as open software. They also second most
of my domains. While working on it, and struggling with
the RBLDNSD. It occurred to me that it wouldn't be the
least bit difficult to "roll" the RBLDNSD - well, at
least the /concept/ into UNBOUND. If you read a bit about
it, you'll (being so familiar with the DNS) see what I
mean. It's nearly 50% smaller than the BIND, it's approx.
30% faster, and it's cAsE sensitive. OH did I mention;
security is really important too? :) OK maybe you don't
like case sensitivity. But it's still got alot on the
BIND. Well, I guess I'll end this novel here. :)

Spaciba bolshoy!

Sorry, I speak a fair amount of Russonia. But I can only
read as well as a young child, and my mail reader can't
handle the correct character set. I hope you can make it
out OK. :)

Feel free to contact me off list. If you ever want to.

--Chris H

> 
> /mjt
> _______________________________________________
> rbldnsd mailing list
> rbldnsd at corpit.ru
> http://www.corpit.ru/mailman/listinfo/rbldnsd
_________________________________________________________________
    http://fastmail.ca/ - Fast Secure Web Email for Canadians

More information about the rbldnsd mailing list