On 3/13/23 11:41, Chris Hofstaedtler | Deduktiva via Pdns-users wrote:
* Christoph <c...@appliedprivacy.net> [230312 19:52]:
When there is an xNAME chain, the RCODE field is set as follows:
When an xNAME chain is followed, all but the last query cycle
necessarily had no error. The RCODE in the ultimate DNS response
MUST BE set based on the final query cycle leading to that
response. If the xNAME chain was terminated by an error, it will
be that error code.
Is it possible to construct a query that asks the server
to not follow the chain?
From what I can tell, there is no way of not getting NXDOMAIN here.
Well, if you ask for the xNAME (e.g. CNAME) record, then you'll get that (with
a NOERROR code). So by issuing an xNAME query in addition to the record type
you're interested in, you can learn whether the NXDOMAIN is due to the queried
name not existing, or due to the CNAME chain target not existing.
However, I doubt this is a reasonable approach for your ACME client.
Cheers,
Peter
--
https://desec.io/
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
