NSD compressing RP content

Peter_van_Dijk · March 1, 2013, 2:22pm

Hello,

while investigating a report from Jan-Piet Mens (resulting in http://wiki.powerdns.com/trac/changeset/3109), we discovered that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP content. As far as I can see, this is not allowed by RFC3597 section 4 paragraph 1/2.

PowerDNS Recursor, like Unbound and BIND, now deals with this as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless, it would be great if NSD could honor the MUST NOT in paragraph 2.

Kind regards,

Matthijs_Mekking · March 4, 2013, 3:00pm

Hi Peter,

Sure we can send RP domain names uncompressed from now on.

I can understand your reasoning: RP is not defined in RFC 1035, hence it
is not allowed to use *name* compression.

However, RP (and AFSDB and RT) are defined in RFC 1183, and at the time
that that specification was written, name compression was allowed for
these records (not explicitly mentioned in the specification). RFC3597
deals with this saying that *receiving* servers should decompress domain
names in these RRs.

So I fail to see where things might be harmful. PowerDNS should have no
problem if it implements RFC3597, as RP should be decompressed, as BIND
and Unbound does too (Unbound actually decompresses all domain names of
known RR types).

Also, I assume your request is not limited to RP, but is also for AFSDB
and RT.

Best regards,
Matthijs

Peter_van_Dijk · March 7, 2013, 2:37pm

Hello Matthijs,

3597 also deals with it by saying nsd MUST NOT compress these types.

The harm is in NSD ignoring a MUST NOT, relying on recursors to implement a SHOULD. This should, of course, be the other way around.

Naturally, PowerDNS now honors the SHOULD, as interoperability is key.

And yes, my request extends to all types not mentioned in 1035, as mandated by 3597.

Kind regards,
Peter van Dijk

Matthijs_Mekking · March 7, 2013, 3:02pm

Hi Peter,

Hello Matthijs,

3597 also deals with it by saying nsd MUST NOT compress these
types.

You are absolutely right in that. And it's going to be fixed in the
next release (of course, that should have happened already around
September 2003. Better late than never).

The harm is in NSD ignoring a MUST NOT, relying on recursors to
implement a SHOULD. This should, of course, be the other way
around.

I think it is a safe assumption, as pre-3597 recursors should have
done that, and after 3597 they still should do it ;-).

Naturally, PowerDNS now honors the SHOULD, as interoperability is
key.

Agreed. And that's why we will fix it in NSD too.

Best regards,
Matthijs