DNS-over-TCP: Just a single transaction?

I missed that in my own log. Great finding! AVM answers with the capitalization of the last cached query. To double-check that, I went for

socat - /tmp/kresd/tty/*
> option('NO_0X20', true)

on both my Turris MOX and my Ubuntu 19.10. That disables the query-case randomization in the Knot Resolver. I waited half an hour (1800 seconds) until both the CNAME and the A record were invalidated in the DNS cache, and issued

dig repo.turris.cz

on both devices. Both stayed with UDP and got an IP address. There we go! Fixed.

This raises four questions:

  1. How do I set that option in my Turris MOX not just temporarily but permanently?
  2. Why did my Turris MOX not cache the first result but create a new query each time?
  3. Why does this affect only CNAME + A(AAA) answers?
  4. Is there anything AVM, the Knot Resolver Team, or the Turris Team should do about this? I noticed there is not only this NO_0X20 but also a broader SAFEMODE option. Should the Turris Team go for that, just for the “Use provider’s DNS resolver” option? Or couple (and mention) it with the DNSSEC option?

Furthermore, I think I found the full-resolver issue as well. When I go for

sudo service kresd@1 restart

Knot Resolver does a full resolve although /etc/knot-resolver/kresd.conf said to use stub/forwarding (on my computer, I enabled verbose via the config file). Finally, while reading the documentation, I found some broken hyperlinks in the section trace. Where do I report things like this?

Finally, finally, the documentation of the module workarounds should link to its source code to give a better understanding. From reading the documentation, I thought that module does NO_0X20 for all, but it only does it for some domains. Perhaps the documentation could mention even that option while explaining the module: If you have to turn off this randomization for all domains, go for …
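To make the failure mode in the post concrete, here is an added simulation (not code from the post, from Knot Resolver or from AVM) of the interaction between 0x20 query-case randomization and a forwarder that echoes the question name with the capitalization of whatever query filled its cache. The `FaultyForwarder` class and the `simulate` helper are constructed for this illustration; the resolver-side check mirrors the idea behind the NO_0X20 option: with randomization on, the echoed question name must match the sent name byte for byte, with it off only case-insensitively.

```python
import random


def encode_0x20(qname: str, rng: random.Random) -> str:
    """Randomize the case of every ASCII letter in a query name (the 0x20 trick:
    the answer must echo the question exactly, which makes blind spoofing harder)."""
    return "".join(
        c.upper() if (c.isalpha() and rng.random() < 0.5) else c
        for c in qname.lower()
    )


def answer_matches(sent_name: str, echoed_name: str, case_sensitive: bool) -> bool:
    """Resolver-side acceptance check for the question name in the reply.
    case_sensitive=True models 0x20 enabled; False models NO_0X20."""
    if case_sensitive:
        return sent_name == echoed_name
    return sent_name.lower() == echoed_name.lower()


class FaultyForwarder:
    """Constructed stand-in for a forwarder that caches an answer and, on later
    queries for the same name, echoes the capitalization of the query that
    populated the cache instead of the capitalization of the current query."""

    def __init__(self) -> None:
        self._cache: dict = {}

    def resolve(self, qname: str) -> str:
        key = qname.lower()
        if key not in self._cache:
            self._cache[key] = qname      # first spelling seen is what gets stored
        return self._cache[key]           # echoed as-is on every later query


def simulate(qname: str, use_0x20: bool, n_queries: int, seed: int = 1):
    """Send n_queries for qname through a fresh FaultyForwarder and return
    (sent, echoed, accepted) for each one."""
    forwarder = FaultyForwarder()
    rng = random.Random(seed)
    results = []
    for _ in range(n_queries):
        sent = encode_0x20(qname, rng) if use_0x20 else qname.lower()
        echoed = forwarder.resolve(sent)
        results.append((sent, echoed, answer_matches(sent, echoed, use_0x20)))
    return results


if __name__ == "__main__":
    # Hypothetical run against the name from the post; the forwarder is simulated.
    for label, flag in (("0x20 on", True), ("NO_0X20", False)):
        outcomes = simulate("repo.turris.cz", flag, 5)
        print(label)
        for sent, echoed, ok in outcomes:
            print(f"  sent={sent:16} echoed={echoed:16} accepted={ok}")
```

With randomization enabled only the first query (the one that fills the forwarder's cache) is accepted; later queries are rejected because the echoed name carries the old capitalization, which is the point at which a resolver would retry and the client would end up without an address. With NO_0X20 every query is sent in lower case and every reply is accepted, matching the fix observed in the post. The trade-off is that the resolver gives up the extra spoofing resistance 0x20 provides, which is why scoping the workaround to the misbehaving forwarder is preferable to disabling it globally.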