Roberto Bosticardo rbosticardo at
Wed Oct 5 10:58:37 UTC 2011

Hi all,

I have a problem with named (both bind9.3 and bind9.7) and resolution of 
the problem is not present in dnscache (of djbdns suite) or asking 
resolution to google public dns (they run a Google implementation of dns 

If you ask a resolver/cache server running named the resolution of name 
"" it returns (SERVFAIL), if you ask the same to a 
dnscache server it correctly resolves to the ip address.

The problem seems related to two CNAME resolution with tools of bind 
suite (the problem is present also with dig, I think it uses the same 
routine of named).

the answer section from a working resolver is something like:

>         86395   IN      CNAME
>       3595    IN      CNAME
> 30 IN     A

asking to a named resolver it seems it cannot resolve the last cname

>         86395   IN      CNAME
>       3595    IN      CNAME

Simulating the recursion, going top down from root nameservers, and 
asking as the last step the resolution of "" 
to "" or one of the other authoritative akadns servers, it 
gives the correct IP address.

The path seems this:
. -> .fr. ->
authoritative for are and
asking A records for to it gives you the 
Named seems unable to resolve this CNAME.

I tried to deep debug the problem without success.

We have customers affected by this problem and we solved it with the 
definition of a zone for that forwards to a djbdns dnscache 
server that correctly resolves. This is intended as a workaround until we 
fix the problem on named/bind.

I also suspected it was something related to EDNS0 but I am quite sure this 
is not the problem because the Google public DNS resolvers implement EDNS and 
they don't have the problem.

Are your named servers affected by the same problem?
Can you try this name resolution on your servers?
Have you any idea on how to solve the problem?
Have you further tests to suggest us?

Thanks for your patience and forgive me for my bad English.
Hope someone can help
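
An added example, not part of the original post: a small checker that follows the CNAME chain in a dig-style answer section and reports whether it ends in an address record, which is the difference between the two answers quoted in the message. All host names, TTLs, addresses and function names are constructed for illustration.

```python
# Added example. Sample records are constructed (example.* names, 192.0.2.0/24).
TERMINAL_TYPES = {"A", "AAAA"}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def parse_answer(text):
    """Parse dig-style lines 'name ttl class type rdata' into (name, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or incomplete record
        records.append((norm(fields[0]), fields[3].upper(), fields[4]))
    return records

def follow_chain(qname, records):
    """Return (status, path); status is resolved, dangling-cname, loop or no-data."""
    cnames = {n: norm(r) for n, t, r in records if t == "CNAME"}
    addrs = {}
    for n, t, r in records:
        if t in TERMINAL_TYPES:
            addrs.setdefault(n, []).append(r)
    current = norm(qname)
    path, seen = [current], {current}
    while True:
        if current in addrs:
            return "resolved", path + addrs[current]
        if current not in cnames:
            # Chain stops on a CNAME target with no address: the failing case.
            return ("dangling-cname" if len(path) > 1 else "no-data"), path
        current = cnames[current]
        if current in seen:
            return "loop", path + [current]
        seen.add(current)
        path.append(current)

BROKEN = """\
www.example.fr.                  86395 IN CNAME www.example.fr.edge.example.net.
www.example.fr.edge.example.net. 3595  IN CNAME lb.cdn.example.net.
"""
WORKING = BROKEN + "lb.cdn.example.net. 30 IN A 192.0.2.10\n"

if __name__ == "__main__":
    for label, answer in (("working", WORKING), ("broken", BROKEN)):
        print(label, follow_chain("www.example.fr", parse_answer(answer)))
```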


