should named return nxdomain when CNAME can't be resolved?

Adam Tkac atkac at redhat.com
Mon Oct 15 16:39:45 UTC 2007


Hi,

I have configured test zone (stripped):

cn.test. CNAME test.
test.   IN A 1.1.1.1

when I run recursive AAAA query I get this result:

; <<>> DiG 9.5.0a6 <<>> @127.0.0.1 cn.test AAAA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cn.test.                       IN      AAAA

;; ANSWER SECTION:
cn.test.                86400   IN      CNAME   test.

;; AUTHORITY SECTION:
test.                   10800   IN      SOA     test. rname.invalid. 0 86400 3600 604800 10800

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 15 18:28:10 2007
;; MSG SIZE  rcvd: 88

when AAAA record for test. exists dig returns:

; <<>> DiG 9.5.0a6 <<>> @127.0.0.1 cn.test AAAA
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21378
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;cn.test.                       IN      AAAA

;; ANSWER SECTION:
cn.test.                86400   IN      CNAME   test.
test.                   86400   IN      AAAA    1234::1234

;; AUTHORITY SECTION:
test.                   86400   IN      NS      test.

;; ADDITIONAL SECTION:
test.                   86400   IN      A       1.1.1.1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 15 18:31:50 2007
;; MSG SIZE  rcvd: 97


I think current named behavior is bad when CNAME can't be resolved to address (if I don't miss some RFC definition :) ). There're two possible solutions:
1. named returns A record in additional section (as is when AAAA record exists)
2. named returns answer with status NXDOMAIN (looks like best solution for me)


What's your opinion?

Adam


More information about the bind-workers mailing list