"dig +trace" doesn't follow non-empty referrals

Shumon Huque shuque at gmail.com
Tue Apr 7 12:11:55 UTC 2020

Hi folks,

I thought I'd check here before filing a bug in the gitlab repo -- in case
there is something I'm not understanding about dig's intended behavior.

"dig +trace" does not appear to be following referrals with a non-empty
answer section, e.g. with CNAMEs pointing below the zone cut. I tried this
with dig from several versions (9.11.x, 9.14.x, and 9.16.x) with the same

Here's a real example (for brevity, I'm showing the last parts of the

$ dig +trace dfw.salesforce.com. A
salesforce.com. 172800 IN NS udns1.salesforce.com.
salesforce.com. 172800 IN NS udns2.salesforce.com.
salesforce.com. 172800 IN NS udns3.salesforce.com.
salesforce.com. 172800 IN NS udns4.salesforce.com.
salesforce.com. 172800 IN NS pch1.salesforce-dns.com.
salesforce.com. 172800 IN NS pch2.salesforce-dns.com.
;; Received 444 bytes from in 7 ms

dfw.salesforce.com. 300 IN CNAME monitor-dfw.salesforce.com.
monitor-dfw.salesforce.com. 300 IN CNAME monitor-dfw.dfw.r.salesforce.com.
dfw.r.salesforce.com. 86400 IN NS ns1-dfw.salesforce.com.
;; Received 143 bytes from in 1 ms

The last response above is a referral, but dig doesn't bother to follow
it and just terminates there.

Shumon Huque
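
The situation described in the post, as an added example that is not part of the original message and is not dig's code: one way a tracing client can recognize that a response with a non-empty answer section is still a referral to follow. The function names and the split of the quoted records into answer and authority sections are assumptions made for illustration.

```python
# Constructed input: the records of the last response quoted in the post,
# split into sections as the post describes them (CNAMEs in the answer
# section, the NS record in the authority section). The split is an assumption.
ANSWER = [
    ("dfw.salesforce.com.", "CNAME", "monitor-dfw.salesforce.com."),
    ("monitor-dfw.salesforce.com.", "CNAME", "monitor-dfw.dfw.r.salesforce.com."),
]
AUTHORITY = [("dfw.r.salesforce.com.", "NS", "ns1-dfw.salesforce.com.")]


def labels(name):
    """Split a domain name into lowercase labels, ignoring the root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def is_subdomain(name, zone):
    """True if name is at or below zone (label-wise suffix match)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def chase_cnames(qname, answer):
    """Follow the CNAME chain in the answer section; return the final name."""
    cnames = {o.lower(): t for o, rtype, t in answer if rtype == "CNAME"}
    seen, name = set(), qname.lower()
    while name in cnames and name not in seen:  # guard against CNAME loops
        seen.add(name)
        name = cnames[name].lower()
    return name


def classify(qname, qtype, current_zone, answer, authority):
    """Return ("answer", None), ("referral", child_zone) or ("other", None)."""
    target = chase_cnames(qname, answer)
    # A record of the requested type at the end of the chain is a final answer.
    if any(o.lower() == target and t == qtype for o, t, _ in answer):
        return ("answer", None)
    # NS records owned by a name strictly below the current zone, and at or
    # above the name still being resolved, delegate that name to a child zone.
    for owner, rtype, _ in authority:
        if (rtype == "NS" and is_subdomain(target, owner)
                and is_subdomain(owner, current_zone)
                and len(labels(owner)) > len(labels(current_zone))):
            return ("referral", owner.lower())
    return ("other", None)
```

For the quoted response, `classify("dfw.salesforce.com.", "A", "salesforce.com.", ANSWER, AUTHORITY)` reports a referral to `dfw.r.salesforce.com.`, so a trace would continue at the servers named in the authority section.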