Do you like long terminology discussions, backed by a dozen RFCs, where
people disagree on what's written in these RFCs? If so, read on.

This issue was spotted by Peter van Dijk. It is about
draft-ietf-dnsop-nxdomain-cut-05, recently approved by the IESG. The
problem is the definition of "QNAME" when there is a CNAME chain.

Section 1.1 says:

> "Denied name": the domain name whose existence has been denied by a
> response of rcode NXDOMAIN.  In most cases, it is the QNAME but,
> because of [RFC6604], it is not always the case.

And section 2:

> Warning: if there is a chain of CNAME (or DNAME), the name which
> does not exist is the last of the chain ([RFC6604]) and not the
> QNAME.  The NXDOMAIN stored in the cache is for the denied name, not
> always for the QNAME.

This text in draft-ietf-dnsop-nxdomain-cut-05 assumes that the QNAME
is the owner name in the Question Section. But RFC 2308 thinks otherwise:

> "QNAME" - the name in the query section of an answer, or where this
> resolves to a CNAME, or CNAME chain, the data field of the last
> CNAME.

RFC 1034 had a different definition of QNAME but is not clear on the
specific case of CNAME chains:

> A standard query specifies a target domain name (QNAME)

RFC 7719 does not define QNAME (probably because it seemed obvious).

So, which is right? In this DNS query:

% dig A www.afnic.fr

; <<>> DiG 9.10.3-P4-Ubuntu <<>> A www.afnic.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35551
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.afnic.fr.          IN A

;; ANSWER SECTION:
www.afnic.fr.           213 IN CNAME www.nic.fr.
www.nic.fr.             213 IN CNAME lb01-1.nic.fr.
lb01-1.nic.fr.          213 IN A 192.134.5.24

;; Query time: 875 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: Tue Sep 20 18:11:06 CEST 2016
;; MSG SIZE  rcvd: 100

Is the QNAME "www.afnic.fr" or "lb01-1.nic.fr" ("the data field of the
last CNAME")???
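
Added example, not part of the original message: the two readings of "QNAME" computed for the answer quoted above. The function names are hypothetical, and only CNAME records are followed (the usual case, since a DNAME answer carries a synthesized CNAME).

```python
# Added illustration. ANSWER is the ANSWER section quoted in the message above.
ANSWER = """\
www.afnic.fr.           213 IN CNAME www.nic.fr.
www.nic.fr.             213 IN CNAME lb01-1.nic.fr.
lb01-1.nic.fr.          213 IN A 192.134.5.24
"""

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_cnames(answer_text):
    """Map owner -> target for every CNAME line of dig-style output."""
    cnames = {}
    for line in answer_text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # comment, blank or malformed line
        if fields[3].upper() == "CNAME":
            cnames[norm(fields[0])] = norm(fields[4])
    return cnames

def chain_end(question_name, answer_text):
    """Follow the CNAME chain starting at the Question Section name.

    Returns (question_name, last_target). The first item is QNAME as the
    draft uses the word; the second is QNAME under the RFC 2308 wording
    ("the data field of the last CNAME"). In an NXDOMAIN response the
    second item is what the draft calls the "denied name".
    """
    cnames = parse_cnames(answer_text)
    start = current = norm(question_name)
    seen = {current}
    while current in cnames:       # record order in the section is irrelevant
        current = cnames[current]
        if current in seen:        # a broken zone can contain a CNAME loop
            raise ValueError("CNAME loop at " + current)
        seen.add(current)
    return start, current

if __name__ == "__main__":
    question, last = chain_end("www.afnic.fr", ANSWER)
    print("Question Section name:", question)
    print("End of CNAME chain:   ", last)
```

A cache applying the draft to an NXDOMAIN response would key the negative entry on the second value, whichever of the two names ends up being called the QNAME.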


