about the non-authoritative CNAME
pangj at riseup.net
Fri Jun 15 02:18:56 UTC 2012
> In message<4FDA970E.9080300 at riseup.net>, pangj writes:
>> If BIND is authoritative for zone a, and is not authoritative for zone
>> b, but zone b is configured in BIND's zone file, and x.zonea.com is
>> CNAME'd to y.zoneb.com.
>> When DNS client queries to this BIND for x.zonea.com, it gets the
>> authoritative answers for both x.zonea.com and y.zoneb.com, certainly
>> y.zoneb.com is a fake one.
>> How DNS client handle this case?
> It depends on the client and whether the zones are signed or not
> and whether the client is validating responses or not.
> Stub clients will almost always trust the complete answer.
> For iterative clients it depends on their level of paranoia.
For a DNS caching only server, for example, BIND, it will validate the
response always, is it?
Email/Jabber/Gtalk: pangj at riseup.net
Free DNS Hosting with www.DNSbed.com
More information about the bind-users