On Tue, Oct 24, 2017 at 11:28:45AM +0200, Harald Dunkel wrote: > if I run dig to query an AAAA record via dnsmasq, then > sometimes I get the CNAME only. Sample: > > bash-4.4# dig @10.100.0.2 developer.apple.com AAAA +short > developer-cdn.apple.com.akadns.net. > world-gen.g.aaplimg.com. > > This is misleading, because both don't have an AAAA record. > I didn't ask for the CNAME, anyway. Shouldn't it just shut > up in this case?
No. CNAME says "direct every query for this name to this one, the CNAME target." The example you showed is a CNAME chain, where the Apple CNAME points to the Akadns CNAME, which in turn points to the aaplimg.com name (which is not a CNAME.) Take off +short and the world-gen.g.aaplimg.com./IN/AAAA query is indeed a NOERROR reply, which in this case means the name exists, but there's no data of the requested type. (Offer void where taxed or prohibited, or where mangled by Cloudflare.) Such abuse of the DNS is commonplace these days. And there are reasons for it, namely CDN replies tailored for what is hoped to produce the fastest connection to the requested resources. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Dnsmasq-discuss mailing list Dnsmasqfirstname.lastname@example.org http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss