Do you like long terminology discussions, backed by a dozen RFC, where
people disagree on what's written in these RFC? If so, read on.

This issue was spotted by Peter van Dijk. It is about
draft-ietf-dnsop-nxdomain-cut-05, recently approved by IESG. The
problem is the definition of "QNAME" when there is a CNAME chain.

Section 1.1 says:

> "Denied name": the domain name whose existence has been denied by a
> response of rcode NXDOMAIN.  In most cases, it is the QNAME but,
> because of [RFC6604], it is not always the case.

And section 2:

> Warning: if there is a chain of CNAME (or DNAME), the name which
> does not exist is the last of the chain ([RFC6604]) and not the
> QNAME.  The NXDOMAIN stored in the cache is for the denied name, not
> always for the QNAME.

This text in draft-ietf-dnsop-nxdomain-cut-05 assumes that the QNAME
is the owner name in the Question Section. But RFC 2308 thinks otherwise:

> "QNAME" - the name in the query section of an answer, or where this
> resolves to a CNAME, or CNAME chain, the data field of the last

RFC 1034 had a different definition of QNAME but is not clear on the
specific case of CNAME chains:

> A standard query specifies a target domain name (QNAME)

RFC 7719 does not define QNAME (probably because it seemed obvious).

So, which is right? In this DNS query:

% dig A

; <<>> DiG 9.10.3-P4-Ubuntu <<>> A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35551
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1280
;          IN A

;; ANSWER SECTION:           213 IN CNAME             213 IN CNAME          213 IN A

;; Query time: 875 msec
;; WHEN: Tue Sep 20 18:11:06 CEST 2016
;; MSG SIZE  rcvd: 100

Is the QNAME "" or "" ("the data field of the
last CNAME")???

DNSOP mailing list

Reply via email to