Hello Mark, Thank you for your swift and accurate response.
On Oct 26, 2012, at 15:12 , Mark Andrews wrote: > > You asked a ANY query. ANY and CNAME have different processing rules. > The query is NOT restarted with the target of the CNAME. See RFC 1034. > >> NSD returns the same minus the ra flag. >> >> PowerDNS, however, returns: > > You asked a different question (A != ANY). If you want to compare > answers you need to ask IDENTICAL questions. My mistake. NSD: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34556 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;nxd.example.com. IN A ;; ANSWER SECTION: nxd.example.com. 120 IN CNAME nxdomain.example.com. BIND, PowerDNS (same except for ra flag) ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4382 ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;nxd.example.com. IN A ;; ANSWER SECTION: nxd.example.com. 120 IN CNAME nxdomain.example.com. ;; AUTHORITY SECTION: example.com. 86400 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 To be complete: - for the A query, BIND and PowerDNS return NXDOMAIN+SOA, NSD returns NOERROR. - for the ANY query, NSD and BIND return NOERROR, PowerDNS returns NXDOMAIN+SOA. Then, as far as I can tell, BIND and PowerDNS do the right thing for the A query. NSD and BIND do the right thing for the ANY query, going from Mark's interpretation of the RFCs. However, 2308 and 6604 totally ignore the ANY exception to following CNAME chains, and one might argue that thus, 2308 and 6604 still mean that QNAME is the end of the CNAME chain in the response, and the RCODE thus should be NXDOMAIN. I think this argument could go either way. Unless conflicting opinions come in, I will fix PowerDNS to do the right thing for ANY, and will report the A query issue to the NSD developers. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
