Hello Mukund,

On 5 Apr 2017, at 7:43, Mukund Sivaraman wrote:

> Evan just pointed out a case due to a system test failure that is
> interesting.. it's not clear what the behavior should be in this case,
> so please discuss:
>
> There's a nameserver that's authoritative for 2 zones example.org. and
> example.com.
>
> In the example.org. zone, foo.example.org. is CNAME to bar.example.com.
>
> In the example.com. zone, the name bar.example.com. doesn't exist (NXDOMAIN).
>
> A query for "foo.example.org./A" is answered by the nameserver. It adds
> the foo.example.org. CNAME bar.example.com. in the answer section, and
> then, following RFC 1034 4.3.2. 3.(a.), sets the QNAME to
> "bar.example.com" and looks into the "example.com" zone for
> "bar.example.com.". It is not found.
>
> The question is: what is the expected reply RCODE for this?
>
> 1. Is it NOERROR (0) because there is an answer section with the CNAME?
>
> 2. Is it NXDOMAIN (3) because the CNAME target was not found?

NXDOMAIN is correct. The text on this on 103x is a bit weak but 2308 2.1 clarifies this.

> 3. Does it not matter if it is either?

2308 does say

“Some name servers fail to set the RCODE to NXDOMAIN in the presence of CNAMEs in the answer section. If a definitive NXDOMAIN / NODATA answer is required in this case the resolver must query again using the QNAME as the query label.”

but not all resolvers honour this. So I’d say it does matter.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
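
The scenario discussed in this message, as an added example that is not part of the original thread or of any nameserver's code: a toy authoritative lookup that follows a CNAME into a second zone it serves (RFC 1034 4.3.2 step 3(a)) and sets NXDOMAIN when the target does not exist there (RFC 2308 2.1). The zone contents, SOA strings, the `alias`/`www` records and the REFUSED choice for out-of-zone names are assumptions; wildcards and empty non-terminals are ignored.

```python
NOERROR, SERVFAIL, NXDOMAIN, REFUSED = 0, 2, 3, 5

# Constructed zone data mirroring the message (lowercase, fully qualified names).
ZONES = {
    "example.org.": {
        "example.org.": {"SOA": ["ns.example.org. admin.example.org. 1 3600 600 86400 300"]},
        "foo.example.org.": {"CNAME": ["bar.example.com."]},    # target does not exist
        "alias.example.org.": {"CNAME": ["www.example.com."]},  # target exists
    },
    "example.com.": {
        "example.com.": {"SOA": ["ns.example.com. admin.example.com. 1 3600 600 86400 300"]},
        "www.example.com.": {"A": ["192.0.2.1"]},
    },
}

def find_zone(name):
    """Closest enclosing zone this server is authoritative for, or None."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None

def soa(zone):
    """Authority-section SOA record for a negative answer from `zone`."""
    return [(zone, "SOA", ZONES[zone][zone]["SOA"][0])]

def answer(qname, qtype, max_chain=8):
    """Return (rcode, answer_section, authority_section) for one query."""
    answers = []
    for _ in range(max_chain):  # bound the chain so CNAME loops terminate
        zone = find_zone(qname)
        if zone is None:
            # Assumption: REFUSED for a name we do not serve; after a CNAME,
            # return the partial chain and let the resolver continue.
            return (NOERROR if answers else REFUSED), answers, []
        node = ZONES[zone].get(qname)
        if node is None:
            # RFC 2308 2.1: the RCODE describes the last name in the chain,
            # so NXDOMAIN is set even though the answer section holds CNAMEs.
            return NXDOMAIN, answers, soa(zone)
        if qtype in node:
            return NOERROR, answers + [(qname, qtype, r) for r in node[qtype]], []
        if "CNAME" not in node:
            return NOERROR, answers, soa(zone)  # NODATA: name exists, type does not
        # RFC 1034 4.3.2 step 3(a): copy the CNAME, restart with the target.
        target = node["CNAME"][0]
        answers.append((qname, "CNAME", target))
        qname = target
    return SERVFAIL, answers, []
```
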
