need clarification on "forward" behavior

Tony Finch dot at
Fri Oct 7 09:49:33 UTC 2016

Veaceslav Revutchi <slavarevutchi at> wrote:

> I see the server forwarding the query and it gets the answer below:
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> ;;
> 200 IN CNAME
> 60 IN A
> I would expect the server to return "" to the client.
> Instead it recurses over "" which comes back with a
> different "A" record from an external server and returns that IP to
> the client unless I add a forward for "" also. Is this how
> it's supposed to work?

Interesting edge case.

I think this is to do with RFC 2181 section 5.4.1 trustworthiness ranking
of DNS data. (I seem to be referring to this spec a lot recently!) In

   Note that the answer section of an authoritative answer normally
   contains only authoritative data.  However when the name sought is an
   alias (see section 10.1.1) only the record describing that alias is
   necessarily authoritative.  Clients should assume that other records
   may have come from the server's cache.  Where authoritative answers
   are required, the client should query again, using the canonical name
   associated with the alias.

f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
Fastnet: Southeast 4 or 5, occasionally 6 at first. Moderate, occasionally
rough at first in southwest. Occasional rain. Good, occasionally moderate.

More information about the bind-users mailing list