Return code differences between CNAME and other types when a DNAME exists
Closed this issue · 6 comments
- Program: Authoritative
- Issue Type: Bug report (minor)
Short description
When there is a DNAME
record in the zone file (partial rewrite to the same zone), and that record handles the query, then the RCODE
of the server is different depending on whether the query type is for CNAME
or not. After the DNAME
rewrite, the new query name belongs to the same zone but doesn't exist. The server returns NXDOMAIN
for all the types but returns NOERROR
for the CNAME
type. This is a minor subtle case that I came across while checking out different implementations, so I am unsure if this is intended or by mistake.
Environment
- Operating system: Ubuntu 18
- Software version: Authoritative Server 4.1.1
- Software source: Ubuntu repository
Steps to reproduce
Consider the following sample zone file:
campus.edu. | 500 SOA | ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300 |
campus.edu. | 500 NS | ns1.outside.edu. |
c.d.campus.edu. | 500 DNAME | f.d.campus.edu. |
For the query <a.c.d.campus.edu., A>
the answer from the PDNS server is:
"opcode QUERY",
"rcode NXDOMAIN",
"flags QR AA",
";QUESTION",
"a.c.d.campus.edu. IN A",
";ANSWER",
"a.c.d.campus.edu. 500 IN CNAME a.f.d.campus.edu.",
"c.d.campus.edu. 500 IN DNAME f.d.campus.edu.",
";AUTHORITY",
";ADDITIONAL"
For the query <a.c.d.campus.edu., CNAME>
the answer from the PDNS server is:
"opcode QUERY",
"rcode NOERROR",
"flags QR AA",
";QUESTION",
"a.c.d.campus.edu. IN CNAME",
";ANSWER",
"a.c.d.campus.edu. 500 IN CNAME a.f.d.campus.edu.",
"c.d.campus.edu. 500 IN DNAME f.d.campus.edu.",
";AUTHORITY",
";ADDITIONAL"
Expected/Actual behavior
BIND, NSD, and Knot authoritative servers return NXDOMAIN
for both the queries. PowerDNS doesn't return NXDOMAIN
only when the type is CNAME
but returns NXDOMAIN
for all other types.
The PowerDNS behaviour looks correct to me. Are you sure BIND, NSD and Knot all return NXDOMAIN on a CNAME query in this context?
unsure if this is intended or by mistake.
it is, to be clear, intentional
The PowerDNS behaviour looks correct to me. Are you sure BIND, NSD and Knot all return NXDOMAIN on a CNAME query in this context?
Yes, those three implementations return NXDOMAIN on a CNAME query.
@SivaKesava1 perhaps you want to file bugs with NSD and BIND?
Sure, I will. Thanks for the clarification.