about the non-authoritative CNAME
Mark Andrews
marka at isc.org
Fri Jun 15 02:11:02 UTC 2012
In message <4FDA970E.9080300 at riseup.net>, pangj writes:
> Hi,
>
> If BIND is authoritative for zone a, and is not authoritative for zone
> b, but zone b is configured in BIND's zone file, and x.zonea.com is
> CNAME'd to y.zoneb.com.
>
> When DNS client queries to this BIND for x.zonea.com, it gets the
> authoritative answers for both x.zonea.com and y.zoneb.com, certainly
> y.zoneb.com is a fake one.
>
> How DNS client handle this case?
> Thanks.
It depends on the client and whether the zones are signed or not
and whether the client is validating responses or not.
Stub clients will almost always trust the complete answer.
For iterative clients it depends on their level of paranoia.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list