Same invalid CNAME behavior can be observed at msedge.net: ; <<>> DiG 9.21.14 <<>> +norec -t A l-ring.msedge.net. @ns1.msedge.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19903 ;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1224 ;; QUESTION SECTION: ;l-ring.msedge.net. IN A ;; ANSWER SECTION: l-ring.msedge.net. 60 IN CNAME l-ring.l-9999.l-msedge.net. l-ring.l-9999.l-msedge.net. 240 IN CNAME l-9999.l-msedge.net. l-9999.l-msedge.net. 240 IN A 13.107.42.254 ;; Query time: 14 msec ;; SERVER: 204.79.197.1#53(ns1.msedge.net.) (UDP) ;; WHEN: Thu Nov 27 12:38:48 CET 2025 ;; MSG SIZE rcvd: 113 but ; <<>> DiG 9.21.14 <<>> +norec -t HTTPS l-ring.msedge.net. @ns1.msedge.net. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6454 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1224 ;; QUESTION SECTION: ;l-ring.msedge.net. IN HTTPS ;; AUTHORITY SECTION: msedge.net. 900 IN SOA ns1.msedge.net. msnhst.microsoft.com. 2016041201 1800 900 2419200 3600 ;; Query time: 14 msec ;; SERVER: 204.79.197.1#53(ns1.msedge.net.) (UDP) ;; WHEN: Thu Nov 27 12:38:57 CET 2025 ;; MSG SIZE rcvd: 106 Ondrej -- Ondřej Surý (He/Him) [email protected] > On 27. 11. 2025, at 12:34, Ondřej Surý <[email protected]> wrote: > > Hey Joe, > > found another case of CNAME weirdness. > > CNAME returned for A query (or NS or any other type that exists at the target > of the CNAME): > > ; <<>> DiG 9.21.14 <<>> +norec in A www.berlin-city-tour.de. > @lina.ns.cloudflare.com. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1239 > ;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ;; QUESTION SECTION: > ;www.berlin-city-tour.de. IN A > > ;; ANSWER SECTION: > www.berlin-city-tour.de. 60 IN CNAME berlin-city-tour.de. > berlin-city-tour.de. 300 IN A 167.71.36.225 > > ;; Query time: 17 msec > ;; SERVER: 2606:4700:50::adf5:3abb#53(lina.ns.cloudflare.com.) (UDP) > ;; WHEN: Thu Nov 27 12:27:02 CET 2025 > ;; MSG SIZE rcvd: 82 > > CNAME not returned for NODATA answer: > > ; <<>> DiG 9.21.14 <<>> +norec in AAAA www.berlin-city-tour.de. > @lina.ns.cloudflare.com. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42854 > ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ;; QUESTION SECTION: > ;www.berlin-city-tour.de. IN AAAA > > ;; AUTHORITY SECTION: > berlin-city-tour.de. 1800 IN SOA amit.ns.cloudflare.com. > dns.cloudflare.com. 2389579513 10000 2400 604800 1800 > > ;; Query time: 17 msec > ;; SERVER: 2606:4700:50::adf5:3abb#53(lina.ns.cloudflare.com.) (UDP) > ;; WHEN: Thu Nov 27 12:27:33 CET 2025 > ;; MSG SIZE rcvd: 114 > > I believe the CNAME has to be returned regardless of the target existence. > > Cheers, > Ondrej > -- > Ondřej Surý (He/Him) > [email protected] > _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
