about the non-authoritative CNAME

pangj pangj at riseup.net
Fri Jun 15 02:18:56 UTC 2012

> In message<4FDA970E.9080300 at riseup.net>, pangj writes:
>> Hi,
>> If BIND is authoritative for zone a, and is not authoritative for zone
>> b, but zone b is configured in BIND's zone file, and x.zonea.com is
>> CNAME'd to y.zoneb.com.
>> When DNS client queries to this BIND for x.zonea.com, it gets the
>> authoritative answers for both x.zonea.com and y.zoneb.com, certainly
>> y.zoneb.com is a fake one.
>> How DNS client handle this case?
>> Thanks.
> It depends on the client and whether the zones are signed or not
> and whether the client is validating responses or not.
> Stub clients will almost always trust the complete answer.
> For iterative clients it depends on their level of paranoia.

Thanks Mark.
For a DNS caching only server, for example, BIND,  it will validate the 
response always, is it?

Email/Jabber/Gtalk: pangj at riseup.net
Free DNS Hosting with www.DNSbed.com

More information about the bind-users mailing list