should named return nxdomain when CNAME can't be resolved?
Adam Tkac
atkac at redhat.com
Mon Oct 15 16:39:45 UTC 2007
Hi,
I have configured test zone (stripped):
cn.test. CNAME test.
test. IN A 1.1.1.1
when I run recursive AAAA query I get this result:
; <<>> DiG 9.5.0a6 <<>> @127.0.0.1 cn.test AAAA
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41821
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;cn.test. IN AAAA
;; ANSWER SECTION:
cn.test. 86400 IN CNAME test.
;; AUTHORITY SECTION:
test. 10800 IN SOA test. rname.invalid. 0 86400 3600 604800 10800
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 15 18:28:10 2007
;; MSG SIZE rcvd: 88
when AAAA record for test. exists dig returns:
; <<>> DiG 9.5.0a6 <<>> @127.0.0.1 cn.test AAAA
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21378
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;cn.test. IN AAAA
;; ANSWER SECTION:
cn.test. 86400 IN CNAME test.
test. 86400 IN AAAA 1234::1234
;; AUTHORITY SECTION:
test. 86400 IN NS test.
;; ADDITIONAL SECTION:
test. 86400 IN A 1.1.1.1
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Oct 15 18:31:50 2007
;; MSG SIZE rcvd: 97
I think current named behavior is bad when CNAME can't be resolved to address (if I don't miss some RFC definition :) ). There're two possible solutions:
1. named returns A record in additional section (as is when AAAA record exists)
2. named returns answer with status NXDOMAIN (looks like best solution for me)
What's your opinion?
Adam
More information about the bind-workers
mailing list