DNS alias found where canonical name expected errors...

Sat Apr 14 19:10:27 UTC 2001

Hey guys, I know this question was asked and answered before but I'm
still having problems with looking up machine names that have chains of
CNAMEs. I'm running BIND 8.2.3 with the following options (from
/etc/named.conf):

options {
	check-names master ignore;
	check-names slave ignore;
	check-names response ignore;

	pid-file "/var/run/named.pid";
	directory "/etc/namedb";
	/*
	 * If there is a firewall between you and nameservers you want
	 * to talk to, you might need to uncomment the query-source
	 * directive below.  Previous versions of BIND always asked
	 * questions using port 53, but BIND 8.1 uses an unprivileged
	 * port by default.
	 */
	// query-source address * port 53;

	listen-on { 127.0.0.1; };

	multiple-cnames yes;  // allow chains of CNAMEs right????????
};

Now if BIND runs across an illegal setup, like the following:

% dig -t a www.cs.jhu.edu

; <<>> DiG 8.2 <<>> -t www.cs.jhu.edu 
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;	www.cs.jhu.edu, type = A, class = IN

;; ANSWER SECTION:
www.cs.jhu.edu.		2h2m38s IN CNAME  condor.cs.jhu.edu.
condor.cs.jhu.edu.	1h40m20s IN CNAME  web.cs.jhu.edu.
web.cs.jhu.edu.		1h40m20s IN A	128.220.13.101

;; AUTHORITY SECTION:
cs.jhu.edu.		1D IN NS	RacerX.mse.jhu.edu.
cs.jhu.edu.		1D IN NS	rio-grande.pha.jhu.edu.
cs.jhu.edu.		1D IN NS	blaze.cs.jhu.edu.
cs.jhu.edu.		1D IN NS	hops.cs.jhu.edu.

;; ADDITIONAL SECTION:
RacerX.mse.jhu.edu.	7m2s IN A	128.220.8.2
rio-grande.pha.jhu.edu.  6d19h31m7s IN A  128.220.26.134
blaze.cs.jhu.edu.	1D IN A		128.220.13.50
hops.cs.jhu.edu.	1D IN A		128.220.223.10

;; Total query time: 1 msec
;; FROM: ice13.cnds.jhu.edu to SERVER: default -- 128.220.221.1
;; WHEN: Sat Apr 14 14:53:32 2001
;; MSG SIZE  sent: 32  rcvd: 244

And a client process requests a lookup of www.cs.jhu.edu, will BIND
respond with an error saying something along the lines of "CNAME found
where canonical name expected" or will it just follow the chain of
CNAMEs until it gets to the A record?

nslookup has no problem:

% nslookup www.cs.jhu.edu
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    web.cs.jhu.edu
Address:  128.220.13.101
Aliases:  www.cs.jhu.edu, condor.cs.jhu.edu

So is BIND doing the work for nslookup or is it making multiple requests
when it gets an error back from BIND?

For my client library I'm using libadns. For those of you who know adns
I'm making the following query:

<LIBADNS SPECIFIC>

  if ((err = adns_synchronous(my_adns_state, "www.cs.jhu.edu", adns_r_a,
                              adns_qf_cname_loose, &answer)) != 0)
    exit(fprintf(stderr, "adns_synchronous failed: %s\n",
strerror(err)));

  if (answer->status != 0)
    exit(fprintf(stderr, "query failure: %s\n",
adns_strerror(answer->status)));

Which prints out the following error:

query failure: DNS alias found where canonical name wanted

adnshost has the same problem:

% ./adnshost www.cs.jhu.edu
www.cs.jhu.edu CNAME condor.cs.jhu.edu
Error during DNS A lookup for www.cs.jhu.edu: DNS alias found where
canonical name wanted

This implies to me that BIND is either responding with a CNAME chain
error or that adns is making multiple queries for the A record that I
request and balks when it sees a CNAME chain. But even if the second
case is what is happening shouldn't the adns_qf_cname_loose option allow
this? Any ideas?

</LIBADNS SPECIFIC>

Thanks in advance,
John
Research Assistant
The Center for Networking and Distributed Systems
The Johns Hopkins University