Maintained by: NLnet Labs

[Unbound-users] [Q] HINFO in signed zone results SERVFAIL, but NOERROR with BIND

W.C.A. Wijngaards
Wed Jan 7 08:02:09 CET 2009


Florian Weimer wrote:
> * W. C. A. Wijngaards:
> 
>> This is an interpretation problem in RFC4034 6.2(3).
>>
>> A workaround is to give your HINFO in lowercase:
>> 	HINFO "vmware" "freebsd"
>>
>> Unbound lowercases all text in the rdata of HINFO records before
>> verification.  Because that is what I believe RFC4034 6.2(3) means.
> 
> The two strings aren't DNS names (<domain-name>s), so they shouldn't
> be lower-cased.  I don't know why RFC 4034 specifies HINFO, it seems a
> mistake.

Yes, I have been convinced of that too.  So, unbound no longer downcases
the HINFO rdata.

> How do you handle NAPTR?  As far as I understand RFC 4034, you should
> downcase the replacement only.

Yes, one domain name field gets lowercased, the rest is not lowercased.

Best regards,
   Wouter
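The canonicalization question in this thread, as an added example that is not part of the original message and is not Unbound's code: it builds wire-format HINFO and NAPTR RDATA and shows that a validator which lowercases HINFO text no longer reproduces the bytes the signature covers. All function names and sample records are constructed for illustration, and the signer is assumed to leave the HINFO strings as published.

```python
import struct

def char_string(text: bytes) -> bytes:
    """DNS <character-string>: one length octet followed by the raw bytes."""
    if len(text) > 255:
        raise ValueError("character-string longer than 255 octets")
    return bytes([len(text)]) + text

def wire_name(name: str, lowercase: bool) -> bytes:
    """Uncompressed wire-format domain name; ASCII letters optionally downcased."""
    stripped = name.rstrip(".")
    out = b""
    for label in (stripped.split(".") if stripped else []):  # "." is the root
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 octets")
        out += bytes([len(raw)]) + (raw.lower() if lowercase else raw)
    return out + b"\x00"

def hinfo_rdata(cpu: bytes, os_name: bytes, downcase_text: bool = False) -> bytes:
    """HINFO RDATA. downcase_text=True models the earlier reading that
    lowercased the two strings; False leaves them as published."""
    if downcase_text:
        cpu, os_name = cpu.lower(), os_name.lower()
    return char_string(cpu) + char_string(os_name)

def naptr_rdata(order, preference, flags, services, regexp, replacement) -> bytes:
    """Canonical NAPTR RDATA: only the replacement domain name is lowercased."""
    return (struct.pack("!HH", order, preference) + char_string(flags)
            + char_string(services) + char_string(regexp)
            + wire_name(replacement, lowercase=True))

def validator_matches_signer(cpu: bytes, os_name: bytes,
                             validator_downcases: bool) -> bool:
    """The RRSIG covers the RDATA bytes, so validation needs identical bytes."""
    signed = hinfo_rdata(cpu, os_name)  # assumption: signer keeps published case
    return hinfo_rdata(cpu, os_name, validator_downcases) == signed

if __name__ == "__main__":
    # Constructed sample records, not taken from the thread.
    print(validator_matches_signer(b"VMware", b"FreeBSD", True))   # mixed case
    print(validator_matches_signer(b"vmware", b"freebsd", True))   # workaround
    print(validator_matches_signer(b"VMware", b"FreeBSD", False))  # no downcasing
    print(naptr_rdata(100, 10, b"S", b"SIP+D2U", b"",
                      "_SIP._UDP.Example.COM.").hex())
```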