Resolver Mangles Case

[sweetlyham]

I have an RIPE Atlas probe plugged into my Asus RT-AX58U and I am running 386.3_2

My probe is getting the following error message below when I check the status of it

DNS Resolver Mangles Case​

What does this mean?​

RFC 1034, which defines DNS, states in Section 3.1 that the letter case of a query (i.e. whether the domain name is spelled in upper case, lower case or a mix of the two) should be preserved. In 2008, a technique to improve the security of DNS was proposed that makes use of this feature. In this technique, each letter in a DNS query is randomly set to upper or lower case. When the reply arrives, the letter case is checked to see whether it corresponds to the query. This prevents an attacker from blindly spoofing replies.

This technique never became very popular, but did make it into the DNS stub resolver in the libevent library, which is used by the RIPE Atlas measurement code. Unfortunately, some DNS resolvers do not preserve the letter case of queries. Typically, it is the home router that is at fault. Common DNS resolver software, such as BIND and Unbound, cause no problems.

A RIPE Atlas probe that is configured to use a resolver that does not preserve the letter case of the query causes measurements that rely on looking at the target of the measurement in DNS to fail. Measurements that target IPv4 or IPv6 literals are unaffected.

How can I fix this?​

You could try to use a different DNS resolver (if you're in charge of the configuration), or use a different type of (home) router.

Would anyone know how I could resolve it?

I am using the DNSFilter feature to force 9.9.9.9 onto the probe

 

[ColinTaylor]

Wow! I've never heard of anything that relied on this obscure feature before.

I am using the DNSFilter feature to force 9.9.9.9 onto the probe

DNSFilter doesn't change the contents of the DNS queries. So if there's an issue it will be with the DNS server, 9.9.9.9. Try using different DNS servers.

EDIT: I just did a quick packet capture on a mixed case DNS query to 9.9.9.9 and it preserved the case in its reply.

 

[sweetlyham]

Wow! I've never heard of anything that relied on this obscure feature before.


DNSFilter doesn't change the contents of the DNS queries. So if there's an issue it will be with the DNS server, 9.9.9.9. Try using different DNS servers.

EDIT: I just did a quick packet capture on a mixed case DNS query to 9.9.9.9 and it preserved the case in its reply.

I tried different DNS servers and still same error message.

 

[ColinTaylor]

I'm suspecting that this is a false message. Do you have an IPv6 internet connection?

If you apply the same DNSFilter to your PC and do the following nslookup does it return the correct mixed case answer:

C:\Users\Colin>nslookup www.GooGle.com
Server:  RT-AX86U.home.lan
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.GooGle.com
Addresses:  2a00:1450:4009:823::2004
          142.250.200.36

If you have dig:

# dig www.GooGle.com

; <<>> DiG 9.16.1-Ubuntu <<>> www.GooGle.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26973
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.GooGle.com.                        IN      A

;; ANSWER SECTION:
www.GooGle.com.         71      IN      A       142.250.200.36

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Aug 27 12:06:52 BST 2021
;; MSG SIZE  rcvd: 59

 

[sweetlyham]

I've tried adding my PC to the client list and setting it to Custom 2 which is 9.9.9.9 but for some reason keeps using 192.168.0.2 for DNS which is my AdGuard Home. I have tried ipconfig /release & /renew & /flushdns (Windows 10) along with manually taking the ethernet cable out but PC is still using 192.168.0.2 anyway...

I added 9.9.9.9 to DNS Server field on DHCP page and set PC on client list under DNSFilter to unfiltered which seems to let me use another DNS server.

I have DHCP on the router serve the DNS as I like seeing the individual client requests on AdGuard Home (I think this is why the above mentioned does not work)

Looks like AdGuard Home might be causing the issue as thanks to your help the mangled reply comes back when using other DNS!

nslookup www.GooGle.com
Server:  dns9.quad9.net
Address:  9.9.9.9

Non-authoritative answer:
Name:    www.GooGle.com
Addresses:  2404:6800:4006:810::2004
          142.250.66.228

 

[ColinTaylor]

I've tried adding my PC to the client list and setting it to Custom 2 which is 9.9.9.9 but for some reason keeps using 192.168.0.2 for DNS which is my AdGuard Home. I have tried ipconfig /release & /renew & /flushdns (Windows 10) along with manually taking the ethernet cable out but PC is still using 192.168.0.2 anyway...

DNSFilter can only effect DNS requests with a destination address on the internet. It cannot effect LAN to LAN traffic. Therefore if your client is picking up a local DNS server address from DHCP then DNSFilter will have no effect.