[dns-operations] Question about resolver behavior vis-a-vis CNAME

Paul Vixie paul at redbarn.org
Wed Sep 16 10:55:35 UTC 2015

Vithalprasad Gaitonde wrote:
> Hi,
> The name server for www.csrc.gov.cn <http://www.csrc.gov.cn> seem to
> have a CNAME and SOA record at www.csrc.gov.cn <http://www.csrc.gov.cn>.
> Since RFC 1034 states that “If a CNAME RR is present at a node, no other data should be present…”, what is the expected behavior for a resolver which receives the below response while recurring a query for A record at www.csrc.gov.cn <http://www.csrc.gov.cn>
> www.csrc.gov.cn. <javascript:addhost('www.csrc.gov.cn.')>       1800    IN      CNAME <http://www.ietf.org/rfc/rfc1035.txt>   www.csrc.gov.chinacache.net. <javascript:addhost('www.csrc.gov.chinacache.net.')>
> www.csrc.gov.cn. <javascript:addhost('www.csrc.gov.cn.')>       900     IN      SOA <http://www.ietf.org/rfc/rfc1035.txt>     ns.csrc.gov.cn. <javascript:addns('ns.csrc.gov.cn.')> root.csrc.gov.cn. <mailto:root at csrc.gov.cn?subject=www.csrc.gov.cn> 200212011 28800 14400 60 900
> Should the resolver return srv fail to the client.

the resolver isn't responsible for determining a correct outcome for
this misconfiguration. while SERVFAIL is a valid outcome, so would

behaviour that conflicts with the RFC is undefined, rather than having
enumerated error cases.

Paul Vixie

More information about the dns-operations mailing list