How to Configure Uppercase DNS Domains in NSD3 (Like Berkeley.EDU) – Case-Sensitive DNS Implementation Guide


6 views

While DNS is technically case-insensitive per RFC 4343, many institutions like UC Berkeley maintain uppercase domain representations for legacy and branding purposes. The Berkeley.EDU example shows this is possible when properly configured.

In your nsd.conf file, you'll need to explicitly specify the case-preserving zone files:

zone:
    name: "Berkeley.EDU"
    zonefile: "/etc/nsd3/zones/Berkeley.EDU.zone"
    allow-query: any

The zone file must maintain consistent case usage. Here's a working example:

$ORIGIN Berkeley.EDU.
@       3600    IN      SOA     adns1.Berkeley.EDU. hostmaster.Berkeley.EDU. (
                                2024021501 ; serial
                                3600       ; refresh
                                900        ; retry
                                2419200    ; expire
                                3600 )     ; negative TTL

        IN      NS      adns1.Berkeley.EDU.
        IN      NS      adns2.Berkeley.EDU.
www     IN      A       128.32.0.65

After reloading NSD3, verify with dig:

dig @your-nsd-server Berkeley.EDU SOA +nocomments

You should see the authoritative response with preserved case in both query and answer sections.

Institutions like Berkeley maintain case consistency through:

  • Legacy systems requiring specific case formats
  • Custom DNS software patches
  • Consistent zone file management policies

Be aware of these challenges:

# Common mistake in NSD3 configs:
zone:
    name: "berkeley.edu"  # Will lowercase all responses
    zonefile: "/etc/nsd3/Berkeley.EDU.zone"  # Mismatch

Ensure all configurations (including reverse zones) maintain case consistency.

While DNS is technically case-insensitive according to RFC 4343 (domain names are case-preserving but case-insensitive for comparison), some institutions like Berkeley.EDU maintain uppercase letters in their DNS records. This creates interesting technical challenges when you want to implement similar behavior using NSD3.

The DNS protocol stores names in their original case but compares them case-insensitively. Here's what happens at different levels:

; Example showing case preservation in zone file
$ORIGIN Example.COM.
www     IN A     192.0.2.1
Mail    IN MX 10 mail.example.com.

To achieve this with NSD3, you need to modify your zone file and configuration:

# nsd.conf configuration
zone:
    name: "Berkeley.EDU"
    zonefile: "/etc/nsd3/zones/berkeley.zone"
    provide-xfr: 192.0.2.53 NOKEY

In your zone file:

$ORIGIN Berkeley.EDU.
@       3600 IN SOA  ns1.Berkeley.EDU. hostmaster.Berkeley.EDU. (
                     2023081501 ; serial
                     3600       ; refresh
                     900        ; retry
                     604800     ; expire
                     3600 )     ; minimum
        IN NS     ns1.Berkeley.EDU.
        IN NS     ns2.Berkeley.EDU.
www     IN A      128.32.0.11
CS      IN NS     ns.CS.Berkeley.EDU.

After setting up your NSD3 server, verify the case preservation:

dig @your-nsd-server Berkeley.EDU. SOA +nocomments

You should see the response preserves the original case:

;; QUESTION SECTION:
;Berkeley.EDU.                 IN      SOA

;; ANSWER SECTION:
Berkeley.EDU.          3600    IN      SOA     ns1.Berkeley.EDU. hostmaster.Berkeley.EDU. 2023081501 3600 900 604800 3600

Some resolvers might lowercase responses. To ensure case preservation:

  • Configure NSD3 to always respond with authoritative data
  • Set up proper DNSSEC to prevent intermediary modifications
  • Use TCP queries which are less likely to be modified

Example of a case-preserving query:

dig +tcp @ns1.Berkeley.EDU. CS.Berkeley.EDU. NS

While case preservation doesn't significantly impact performance, be aware that:

  • Zone transfers might be slightly larger due to case differences
  • Some caching resolvers might store multiple case variants
  • DNSSEC signatures are case-sensitive, requiring careful management