[dns-operations] Question about resolver behavior vis-a-vis CNAME
Paul Vixie
paul at redbarn.org
Wed Sep 16 10:55:35 UTC 2015
Vithalprasad Gaitonde wrote:
>
> Hi,
>
> The name server for www.csrc.gov.cn <http://www.csrc.gov.cn> seem to
> have a CNAME and SOA record at www.csrc.gov.cn <http://www.csrc.gov.cn>.
>
> Since RFC 1034 states that “If a CNAME RR is present at a node, no other data should be present…”, what is the expected behavior for a resolver which receives the below response while recurring a query for A record at www.csrc.gov.cn <http://www.csrc.gov.cn>
>
> www.csrc.gov.cn. <javascript:addhost('www.csrc.gov.cn.')> 1800 IN CNAME <http://www.ietf.org/rfc/rfc1035.txt> www.csrc.gov.chinacache.net. <javascript:addhost('www.csrc.gov.chinacache.net.')>
> www.csrc.gov.cn. <javascript:addhost('www.csrc.gov.cn.')> 900 IN SOA <http://www.ietf.org/rfc/rfc1035.txt> ns.csrc.gov.cn. <javascript:addns('ns.csrc.gov.cn.')> root.csrc.gov.cn. <mailto:root at csrc.gov.cn?subject=www.csrc.gov.cn> 200212011 28800 14400 60 900
>
> Should the resolver return srv fail to the client.
the resolver isn't responsible for determining a correct outcome for
this misconfiguration. while SERVFAIL is a valid outcome, so would
RCODE=0 ANCOUNT=0 for QTYPE <> SOA.
behaviour that conflicts with the RFC is undefined, rather than having
enumerated error cases.
--
Paul Vixie
More information about the dns-operations
mailing list