need clarification on "forward" behavior

Tony Finch dot at dotat.at
Fri Oct 7 09:49:33 UTC 2016


Veaceslav Revutchi <slavarevutchi at gmail.com> wrote:

> I see the server forwarding the query and it gets the answer below:
>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
> ;;
> ;; ANSWER SECTION:
> aaa.example.org. 200 IN CNAME bbb.example.net.
> bbb.example.net. 60 IN A 10.64.64.64
>
> I would expect the server to return "10.64.64.64" to the client.
> Instead it recurses over "bbb.example.net" which comes back with a
> different "A" record from an external server and returns that IP to
> the client unless I add a forward for "example.net" also. Is this how
> it's supposed to work?

Interesting edge case.

I think this is to do with RFC 2181 section 5.4.1 trustworthiness ranking
of DNS data. (I seem to be referring to this spec a lot recently!) In
particular,

   Note that the answer section of an authoritative answer normally
   contains only authoritative data.  However when the name sought is an
   alias (see section 10.1.1) only the record describing that alias is
   necessarily authoritative.  Clients should assume that other records
   may have come from the server's cache.  Where authoritative answers
   are required, the client should query again, using the canonical name
   associated with the alias.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fastnet: Southeast 4 or 5, occasionally 6 at first. Moderate, occasionally
rough at first in southwest. Occasional rain. Good, occasionally moderate.
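The RFC 2181 section 5.4.1 ranking Tony quotes, modelled in Python as an added example (not code from this thread, from BIND, or from the RFC): the answer section from the question is embedded as constructed input, and the helper ranks the two records and reports that the canonical name is the one a resolver asks about again.

```python
from collections import namedtuple

# Constructed sample input: the answer section from the question,
# exactly as the forwarder returned it (flags: qr aa rd ra).
SAMPLE_ANSWER = """\
aaa.example.org. 200 IN CNAME bbb.example.net.
bbb.example.net. 60 IN A 10.64.64.64"""
SAMPLE_FLAGS = {"qr", "aa", "rd", "ra"}
QNAME = "aaa.example.org."

RR = namedtuple("RR", "name ttl rtype rdata")

def parse_answer_section(text):
    """Parse presentation-format lines: NAME TTL CLASS TYPE RDATA."""
    rrs = []
    for line in text.splitlines():
        name, ttl, _cls, rtype, rdata = line.split(None, 4)
        rrs.append(RR(name.lower(), int(ttl), rtype.upper(), rdata.lower()))
    return rrs

def follow_cnames(qname, rrs):
    """Canonical name reached from qname by chasing CNAMEs in the answer."""
    name, seen = qname.lower(), set()
    while name not in seen:
        seen.add(name)
        target = next((r.rdata for r in rrs
                       if r.name == name and r.rtype == "CNAME"), None)
        if target is None:
            return name
        name = target
    raise ValueError("CNAME loop in answer section")

def rank_answer(qname, flags, rrs):
    """RFC 2181 s5.4.1: with AA set, only records owned by the name sought
    (the alias itself) are necessarily authoritative; the rest of the answer
    section may have come from the answering server's cache."""
    return {r: "authoritative" if "aa" in flags and r.name == qname.lower()
            else "cache-grade" for r in rrs}

def names_to_requery(qname, flags, rrs):
    """The canonical name, if the answer only carried cache-grade data for
    it: a careful resolver asks for it again instead of trusting it."""
    ranking = rank_answer(qname, flags, rrs)
    final = follow_cnames(qname, rrs)
    tail = [r for r in rrs if r.name == final and r.rtype != "CNAME"]
    if final != qname.lower() and all(ranking[r] == "cache-grade" for r in tail):
        return [final]
    return []
```

Run against the sample, the CNAME for aaa.example.org. ranks as authoritative, the A record for bbb.example.net. as cache-grade, and bbb.example.net. is reported as the name to query again, which is exactly the extra lookup the question observed.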