Hi All,

Anyone else see this from their Ripe’s when using a Mikrotik as DNS?

--------------------

DNS Resolver Mangles Case

What does this mean?

RFC 1034, which defines DNS, states in Section 3.1 that the letter case of a query (i.e. whether the domain name is spelled in upper case, lower case or a mix of the two) should be preserved.

In 2008, a technique to improve the security of DNS was proposed that makes use of this feature. In this technique, each letter in a DNS query is randomly set to upper or lower case. When the reply arrives, the letter case is checked to see whether it corresponds to the query. This prevents an attacker from blindly spoofing replies. This technique never became very popular, but did make it into the DNS stub resolver in the libevent library, which is used by the RIPE Atlas measurement code.

Unfortunately, some DNS resolvers do not preserve the letter case of queries. Typically, it is the home router that is at fault. Common DNS resolver software, such as BIND and Unbound, cause no problems.

A RIPE Atlas probe that is configured to use a resolver that does not preserve the letter case of the query causes measurements that rely on looking at the target of the measurement in DNS to fail. Measurements that target IPv4 or IPv6 literals are unaffected.

How can I fix this?

You could try to use a different DNS resolver (if you're in charge of the configuration), or use a different type of (home) router.

--------------------

Can confirm the DNS implementation on Mikro doesn’t appear to adhere to section 3.1 of RFC 1034;

Resolving against a Mikrotik

dig sEnTrIaN.CoM.AU @192.168.1.1 +noall +answer

; <<>> DiG 9.10.6-P1 <<>> sEnTrIaN.CoM.AU @192.168.1.1 +noall +answer
;; global options: +cmd
sentrian.com.au. 3600 IN A 52.64.78.207

Resolving against non Mikrotik

dig sEnTrIaN.CoM.AU @1.1.1.1 +noall +answer

; <<>> DiG 9.10.6-P1 <<>> sEnTrIaN.CoM.AU @1.1.1.1 +noall +answer
;; global options: +cmd
sEnTrIaN.CoM.AU. 3590 IN A 52.64.78.207

Doesn’t really cause issues, just interesting the implementation.

Cheers,

Dave Browning | Network Engineer
P 1300 791 678
Level 1, 12 Railway Tce, Milton QLD 4064
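The check that the quoted RIPE Atlas text describes (randomise the letter case of the query, then compare the name echoed in the reply's question section byte for byte), as an added example that is not part of the original post and is not libevent or RIPE Atlas code. The function names and the question-only sample reply built by constructed_reply are assumptions made for illustration; the name is the one used in the dig commands above.

```python
import random
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels, keeping the caller's letter case."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def randomize_case(name, rng):
    """Set each letter to upper or lower case at random before sending."""
    return "".join(c.upper() if rng.random() < 0.5 else c.lower() for c in name)

def build_query(name, txid, qtype=1):
    """12-byte header (RD set, one question), then QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def question_name(message):
    """Return the question name exactly as the message bytes spell it."""
    labels, pos = [], 12
    while message[pos] != 0:
        length = message[pos]
        if length > 63:
            raise ValueError("unexpected compression pointer in question")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def check_reply(query, reply):
    """Compare a reply with the query that was sent, letter case included."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return "reject: transaction id mismatch"
    sent, got = question_name(query), question_name(reply)
    if sent == got:
        return "ok: case preserved"
    if sent.lower() == got.lower():
        return "reject: resolver mangled case"
    return "reject: different name"

def constructed_reply(query, mangle):
    """Constructed sample reply (question only); mangle=True lower-cases it."""
    name = question_name(query)
    question = encode_name(name.lower() if mangle else name) + query[-4:]
    return query[:2] + b"\x81\x80" + query[4:12] + question

if __name__ == "__main__":
    name = randomize_case("sentrian.com.au", random.Random())
    query = build_query(name, txid=0x1A2B)
    for mangle in (False, True):
        print(name, "->", check_reply(query, constructed_reply(query, mangle)))
```

A stub resolver that enforces this check cannot tell a reply from a case-mangling forwarder apart from a blindly spoofed one, so it discards both.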