On Tue, Oct 24, 2017 at 11:28:45AM +0200, Harald Dunkel wrote:
> if I run dig to query an AAAA record via dnsmasq, then 
> sometimes I get the CNAME only. Sample:
> bash-4.4# dig @ developer.apple.com AAAA +short
> developer-cdn.apple.com.akadns.net.
> world-gen.g.aaplimg.com.
> This is misleading, because both don't have an AAAA record.
> I didn't ask for the CNAME, anyway. Shouldn't it just shut 
> up in this case?

No.  CNAME says "direct every query for this name to this one, the 
CNAME target."  The example you showed is a CNAME chain, where the 
Apple CNAME points to the Akadns CNAME, which in turn points to the 
aaplimg.com name (which is not a CNAME.)

Take off +short and the world-gen.g.aaplimg.com./IN/AAAA query is 
indeed a NOERROR reply, which in this case means the name exists,
but there's no data of the requested type.  (Offer void where taxed 
or prohibited, or where mangled by Cloudflare.)

Such abuse of the DNS is commonplace these days.  And there are 
reasons for it, namely CDN replies tailored for what is hoped to 
produce the fastest connection to the requested resources.
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Dnsmasq-discuss mailing list

Reply via email to