On Tue, Oct 24, 2017 at 11:28:45AM +0200, Harald Dunkel wrote:
> if I run dig to query an AAAA record via dnsmasq, then
> sometimes I get the CNAME only. Sample:
>
> bash-4.4# dig @10.100.0.2 developer.apple.com AAAA +short
>
> This is misleading, because both don't have an AAAA record.
> I didn't ask for the CNAME, anyway. Shouldn't it just shut
> up in this case?

No. CNAME says "direct every query for this name to this one, the
CNAME target." The example you showed is a CNAME chain, where the
Apple CNAME points to the Akadns CNAME, which in turn points to the
aaplimg.com name (which is not a CNAME.)

Take off +short and the world-gen.g.aaplimg.com./IN/AAAA query is
indeed a NOERROR reply, which in this case means the name exists,
but there's no data of the requested type. (Offer void where taxed
or prohibited, or where mangled by Cloudflare.)

Such abuse of the DNS is commonplace these days. And there are
reasons for it, namely CDN replies tailored for what is hoped to
produce the fastest connection to the requested resources.

Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Dnsmasq-discuss mailing list
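
The behaviour described in the reply above, as an added example that is not part of the original message and not dnsmasq code: it follows the CNAME chain in one response's answer section and reports whether the end of the chain holds data of the requested type or is a NOERROR/NODATA reply. The record tuples, the placeholder middle name (the post does not show the Akadns name) and the function names are assumptions made for illustration.

```python
# Constructed sample answer sections as (owner, type, rdata) tuples.
# "hop.akadns.example." is a placeholder, not the real intermediate name.
SAMPLE_AAAA = [
    ("developer.apple.com.", "CNAME", "hop.akadns.example."),
    ("hop.akadns.example.", "CNAME", "world-gen.g.aaplimg.com."),
]
SAMPLE_A = SAMPLE_AAAA + [
    ("world-gen.g.aaplimg.com.", "A", "192.0.2.10"),  # documentation address
]


def norm(name):
    """DNS names compare case-insensitively; make them absolute."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def classify(qname, qtype, rcode, answer, max_hops=8):
    """Follow the CNAME chain in one response and classify the outcome.

    Returns (status, chain, rdata); status is DATA, NODATA, NXDOMAIN,
    LOOP or ERROR, and chain lists every name visited in order.
    """
    start = norm(qname)
    if rcode not in ("NOERROR", "NXDOMAIN"):
        return "ERROR", [start], []
    cnames = {norm(o): norm(r) for o, t, r in answer if t == "CNAME"}
    current, chain = start, [start]
    # A query for type CNAME itself is answered at qname, not followed.
    while current in cnames and qtype != "CNAME":
        current = cnames[current]
        if current in chain or len(chain) > max_hops:
            return "LOOP", chain + [current], []
        chain.append(current)
    rdata = [r for o, t, r in answer if norm(o) == current and t == qtype]
    if rdata:
        return "DATA", chain, rdata
    if rcode == "NXDOMAIN":
        return "NXDOMAIN", chain, []
    # NOERROR, chain ends at an existing name with no record of qtype.
    return "NODATA", chain, []


if __name__ == "__main__":
    for qtype, answer in (("AAAA", SAMPLE_AAAA), ("A", SAMPLE_A)):
        print(qtype, classify("developer.apple.com", qtype, "NOERROR", answer))
```

With the AAAA sample the chain is all that the answer section contains, which is why +short prints only CNAME targets.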