secret society of super sydney sysadmins

GoDaddy – mixed-case DNS WTFery.

· by Robert Mibus · Read in about 2 min · (297 Words)
dns sysadmin

A friend passed me a bounce of mail to my domain; DNS-related it said.

Dutifully, I checked the record:

$ dig @ns43.domaincontrol.com mibus.org mx

; <<>> DiG 9.7.3 <<>> @ns43.domaincontrol.com mibus.org mx
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 541
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;MibUs.OrG.         IN  MX

;; ANSWER SECTION:
MibUs.OrG.      3600    IN  MX  10 aspmx.l.google.com.
MibUs.OrG.      3600    IN  MX  20 alt2.aspmx.l.google.com.
MibUs.OrG.      3600    IN  MX  20 alt1.aspmx.l.google.com.

;; AUTHORITY SECTION:
MibUs.OrG.      3600    IN  NS  ns43.domaincontrol.com.
MibUs.OrG.      3600    IN  NS  ns44.domaincontrol.com.

;; Query time: 89 msec
;; SERVER: 216.69.185.22#53(216.69.185.22)
;; WHEN: Fri Feb 24 08:42:50 2012
;; MSG SIZE  rcvd: 155

Yep, there it is.

(…and yes, I’m with GoDaddy. I’m horribly likely to shift at my next renewal - if not before. But anyway).

Wait. “MibUs.OrG.”?

It’s repeatable, on that one NS, from both the US and here in Australia. The other NS, is fine. Non-MX queries… are also fine. Mixed-case queries for the MX, all come back in that one same (different) case.

What. The. Hell.

I made a change to my zone data with their pretty web-based console. Re-ran the query… and it was fine. Except, all the mixed-case queries all came back lowercase.

Hmm. I wonder.

I made another change.

$ dig @ns43.domaincontrol.com Mibus.Org mx

; <<>> DiG 9.7.3 <<>> @ns43.domaincontrol.com Mibus.Org mx
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57417
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;Mibus.Org.         IN  MX

;; ANSWER SECTION:
Mibus.Org.      3600    IN  MX  10 aspmx.l.google.com.
Mibus.Org.      3600    IN  MX  20 alt2.aspmx.l.google.com.
Mibus.Org.      3600    IN  MX  20 alt1.aspmx.l.google.com.

;; AUTHORITY SECTION:
Mibus.Org.      3600    IN  NS  ns43.domaincontrol.com.
Mibus.Org.      3600    IN  NS  ns44.domaincontrol.com.

;; Query time: 86 msec
;; SERVER: 216.69.185.22#53(216.69.185.22)
;; WHEN: Fri Feb 24 08:47:52 2012
;; MSG SIZE  rcvd: 155

…and now, all DNS queries come back with this “proper case” version.

It’s my humble opinion as a DNS administrator elsewhere, that they’re running some sort of fancy reverse-caching DNS server in front of their “real” DNS servers; one that fakes the “AA” flag on responses, doesn’t drop the TTL, and is cleared by their software on updates.

Oh, and one that preserves the case of the first query it sees in its cache, and keeps it around.

Why is this important? Well, for starters it’s just stupid. For seconds, people are starting to use bit 0x20 (ie., the “shift” bit) for adding extra entropy in to DNS queries. GoDaddy’s DNS servers go well beyond breaking it and in to the territory of royally messing it up.