about the non-authoritative CNAME
marka at isc.org
Fri Jun 15 02:27:37 UTC 2012
In message <4FDA9B90.8040107 at riseup.net>, pangj writes:
> > In message<4FDA970E.9080300 at riseup.net>, pangj writes:
> >> Hi,
> >> If BIND is authoritative for zone a, and is not authoritative for zone
> >> b, but zone b is configured in BIND's zone file, and x.zonea.com is
> >> CNAME'd to y.zoneb.com.
> >> When DNS client queries to this BIND for x.zonea.com, it gets the
> >> authoritative answers for both x.zonea.com and y.zoneb.com, certainly
> >> y.zoneb.com is a fake one.
> >> How DNS client handle this case?
> >> Thanks.
> > It depends on the client and whether the zones are signed or not
> > and whether the client is validating responses or not.
> > Stub clients will almost always trust the complete answer.
> > For iterative clients it depends on their level of paranoia.
> Thanks Mark.
> For a DNS caching only server, for example, BIND, it will validate the
> response always, is it?
named is paranoid. It discards the rest of the response after processing
> Email/Jabber/Gtalk: pangj at riseup.net
> Free DNS Hosting with www.DNSbed.com
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
> bind-users mailing list
> bind-users at lists.isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users