about the non-authoritative CNAME

Mark Andrews marka at isc.org
Fri Jun 15 02:11:02 UTC 2012


In message <4FDA970E.9080300 at riseup.net>, pangj writes:
> Hi,
> 
> If BIND is authoritative for zone a, and is not authoritative for zone 
> b, but zone b is configured in BIND's zone file, and x.zonea.com is 
> CNAME'd to y.zoneb.com.
> 
> When DNS client queries to this BIND for x.zonea.com, it gets the 
> authoritative answers for both x.zonea.com and y.zoneb.com, certainly 
> y.zoneb.com is a fake one.
> 
> How DNS client handle this case?
> Thanks.

It depends on the client and whether the zones are signed or not
and whether the client is validating responses or not.

Stub clients will almost always trust the complete answer.
For iterative clients it depends on their level of paranoia. 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list