[dns-operations] Question about resolver behavior vis-a-vis CNAME
Ken Peng
ken at cloud-china.org
Wed Sep 16 10:19:58 UTC 2015
I dig and found the info:
$ dig www.csrc.gov.cn soa @ns.csrc.gov.cn +short
ns.csrc.gov.cn. root.csrc.gov.cn. 200212011 28800 14400 60 900
It does seem to have a SOA assigned with www hostname.
This has broken RFC as you said.
I think they may have been using some LB device like F5 BIG-IP which was misconfigured to cause this issue.
Regards.
On Wed, 16 Sep 2015 07:52:22 +0000, Vithalprasad Gaitonde <gaitonde.vithalprasad at microsoft.com> wrote:
> Hi,
>
> The name server for www.csrc.gov.cn<http://www.csrc.gov.cn> seem to have a CNAME and SOA record at www.csrc.gov.cn<http://www.csrc.gov.cn>.
>
> Since RFC 1034 states that "If a CNAME RR is present at a node, no other data should be present...", what is the expected behavior for a resolver which receives the below response while recurring a query for A record at www.csrc.gov.cn<http://www.csrc.gov.cn>
>
>
>
> www.csrc.gov.cn.<javascript:addhost('www.csrc.gov.cn.')> 1800 IN CNAME<http://www.ietf.org/rfc/rfc1035.txt> www.csrc.gov.chinacache.net.<javascript:addhost('www.csrc.gov.chinacache.net.')>
>
> www.csrc.gov.cn.<javascript:addhost('www.csrc.gov.cn.')> 900 IN SOA<http://www.ietf.org/rfc/rfc1035.txt> ns.csrc.gov.cn.<javascript:addns('ns.csrc.gov.cn.')> root.csrc.gov.cn.<mailto:root at csrc.gov.cn?subject=www.csrc.gov.cn> 200212011 28800 14400 60 900
>
>
>
> Should the resolver return srv fail to the client.
>
>
>
> Thanks,
>
> Prasad
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list