Return code differences between CNAME and other types when a DNAME exists

Question

Return code differences between CNAME and other types when a DNAME exists

Closed this issue 4 years ago · 6 comments

Program: Authoritative
Issue Type: Bug report (minor)

Short description

When there is a DNAME record in the zone file (partial rewrite to the same zone), and that record handles the query, then the RCODE of the server is different depending on whether the query type is for CNAME or not. After the DNAME rewrite, the new query name belongs to the same zone but doesn't exist. The server returns NXDOMAIN for all the types but returns NOERROR for the CNAME type. This is a minor subtle case that I came across while checking out different implementations, so I am unsure if this is intended or by mistake.

Environment

Operating system: Ubuntu 18
Software version: Authoritative Server 4.1.1
Software source: Ubuntu repository

Steps to reproduce

Consider the following sample zone file:


campus.edu.	500 SOA	ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu.	500 NS	ns1.outside.edu.
c.d.campus.edu.	500 DNAME	f.d.campus.edu.

For the query <a.c.d.campus.edu., A> the answer from the PDNS server is:

          "opcode QUERY",
          "rcode NXDOMAIN",
          "flags QR AA",
          ";QUESTION",
          "a.c.d.campus.edu. IN A",
          ";ANSWER",
          "a.c.d.campus.edu. 500 IN CNAME a.f.d.campus.edu.",
          "c.d.campus.edu. 500 IN DNAME f.d.campus.edu.",
          ";AUTHORITY",
          ";ADDITIONAL"

For the query <a.c.d.campus.edu., CNAME> the answer from the PDNS server is:

          "opcode QUERY",
          "rcode NOERROR",
          "flags QR AA",
          ";QUESTION",
          "a.c.d.campus.edu. IN CNAME",
          ";ANSWER",
          "a.c.d.campus.edu. 500 IN CNAME a.f.d.campus.edu.",
          "c.d.campus.edu. 500 IN DNAME f.d.campus.edu.",
          ";AUTHORITY",
          ";ADDITIONAL"

Expected/Actual behavior

BIND, NSD, and Knot authoritative servers return NXDOMAIN for both the queries. PowerDNS doesn't return NXDOMAIN only when the type is CNAME but returns NXDOMAIN for all other types.

Answer 1 · 2020-11-15T16:03:57.000Z

The PowerDNS behaviour looks correct to me. Are you sure BIND, NSD and Knot all return NXDOMAIN on a CNAME query in this context?

Answer 2 · 2020-11-15T16:09:18.000Z

unsure if this is intended or by mistake.

it is, to be clear, intentional

Answer 3 · 2020-11-15T16:11:17.000Z

The PowerDNS behaviour looks correct to me. Are you sure BIND, NSD and Knot all return NXDOMAIN on a CNAME query in this context?

Yes, those three implementations return NXDOMAIN on a CNAME query.

Answer 4 · 2020-11-16T13:41:30.000Z

Fix for Knot: https://gitlab.nic.cz/knot/knot-dns/-/merge_requests/1217

Answer 5 · 2020-11-16T13:55:04.000Z

@SivaKesava1 perhaps you want to file bugs with NSD and BIND?

Answer 6 · 2020-11-16T15:47:59.000Z

Sure, I will. Thanks for the clarification.