different behavior: A Records in DNS answer, when query of type "any" (existing CNAME)

Diezig Adrian adrian.diezig at devoteam.ch
Mon Mar 7 11:36:00 UTC 2011 

Hi,

I have a question concerning answers from DNS servers, when I query a name with type "any" and the name is a CNAME.
I have the following example (works also in Internet) with an ISC BIND server (BIND 9.7.0-P1):

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @newton.genesiscom.ch dns.ipam.ch
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25078
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dns.ipam.ch.                   IN      A

;; ANSWER SECTION:
dns.ipam.ch.            600     IN      CNAME   www.ipam.ch.
www.ipam.ch.            600     IN      A       81.18.25.238

;; Query time: 1 msec
;; SERVER: 10.10.3.13#53(10.10.3.13)
;; WHEN: Mon Mar  7 11:52:38 2011
;; MSG SIZE  rcvd: 63


As you can see, we have a CNAME dns.ipam.ch that points to www.ipam.ch.
www.ipam.ch is an A-Record to 81.18.25.238.


When I do the following query (type=any to dns.ipam.ch), only the CNAME itself will be in the answer section (the A-Record not):

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @newton.genesiscom.ch dns.ipam.ch any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46532
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dns.ipam.ch.                   IN      ANY

;; ANSWER SECTION:
dns.ipam.ch.            600     IN      CNAME   www.ipam.ch.

;; Query time: 1 msec
;; SERVER: 10.10.3.13#53(10.10.3.13)
;; WHEN: Mon Mar  7 11:53:21 2011
;; MSG SIZE  rcvd: 47




When I do a comparable query (also with type=any) to another DNS Server (eg. google.com)....

; <<>> DiG 9.3.2 <<>> @ns1.google.com. www.google.com. any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1636
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      ANY

;; ANSWER SECTION:
www.google.com.         604800  IN      CNAME   www.l.google.com.
www.l.google.com.       300     IN      A       74.125.232.114
www.l.google.com.       300     IN      A       74.125.232.115
www.l.google.com.       300     IN      A       74.125.232.116
www.l.google.com.       300     IN      A       74.125.232.113
www.l.google.com.       300     IN      A       74.125.232.112

;; Query time: 46 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Mon Mar 07 09:44:32 2011
;; MSG SIZE  rcvd: 132


... I will get also the associated A Records.
Does anybody have an idea, why the behavior is different? Can I configure this on my DNS Server (ISC BIND)?

FYI:
dig @ns1.hp.com. www.hp.com. any
and
dig @ns1.yahoo.com. www.yahoo.com any

will also answer without any A-Records (like me).

I have the following questions:

-          which one is correct (RFC)?

-          is it configurable in ISC BIND?

-          does the behavior depends on different BIND version?

I know that it is not very common to do queries with type any. The problem we have is the following:
A Device/Application in our network is doing always queries from type "any".
>From our side it's not possible to change the type, because it's hard-coded in the software.

Kind regards

Adrian




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110307/e08b3c85/attachment.html>

More information about the bind-users mailing list