about a query

Mon Feb 21 15:48:29 UTC 2011

That depends on the implementation. Really old versions of BIND would
have accepted the A record. However, it's not in-bailiwick, so any
name server that would accept it is very likely vulnerable to cache
poisoning.

Current versions of BIND (probably stretching back to somewhere in the
8.2 series) will disregard it and resolve it separately.

Chris Buxton
BlueCat Networks

On 2/21/11, Terry. <terry at list.dnsbed.com> wrote:
> Hello,
>
> Please see the dig info below. ns1.dns-diy.com is the auth-server of
> duowan.com domain.
> My question is, when ns1.dns-diy.com answer with a CNAME for
> "udb.duowan.com", and the answer also include an A RR for that alias,
> how will the public DNS cache servers handle this answer?
> Will the DNS cache use this A RR as result directly, or they make a
> new request for the alias domain name udb.duowan.blogchina.org and
> find the result?
>
> Thanks!
>
> $ dig udb.duowan.com +trace
>
> ; <<>> DiG 9.4.2-P2 <<>> udb.duowan.com +trace
> ;; global options:  printcmd
> .                       108212  IN      NS      d.root-servers.net.
> .                       108212  IN      NS      e.root-servers.net.
> .                       108212  IN      NS      m.root-servers.net.
> .                       108212  IN      NS      b.root-servers.net.
> .                       108212  IN      NS      g.root-servers.net.
> .                       108212  IN      NS      l.root-servers.net.
> .                       108212  IN      NS      c.root-servers.net.
> .                       108212  IN      NS      i.root-servers.net.
> .                       108212  IN      NS      k.root-servers.net.
> .                       108212  IN      NS      a.root-servers.net.
> .                       108212  IN      NS      j.root-servers.net.
> .                       108212  IN      NS      h.root-servers.net.
> .                       108212  IN      NS      f.root-servers.net.
> ;; Received 512 bytes from 202.96.128.86#53(202.96.128.86) in 4 ms
>
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> ;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 340 ms
>
> duowan.com.             172800  IN      NS      ns1.dns-diy.com.
> duowan.com.             172800  IN      NS      ns2.dns-diy.com.
> ;; Received 204 bytes from 192.35.51.30#53(f.gtld-servers.net) in 300 ms
>
> udb.duowan.com.         90000   IN      CNAME   udb.duowan.blogchina.org.
> udb.duowan.blogchina.org. 5     IN      A       64.38.63.4
> ;; Received 86 bytes from 218.85.139.33#53(ns1.dns-diy.com) in 19 ms
>
> --
> Free SmartDNS Hosting:
> http://DNSbed.com/
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Sent from my mobile device