[dns-operations] DNAME, authoritative name servers, and the return code for non-existing domains

John Levine johnl at taugh.com
Tue May 28 16:40:37 UTC 2019

In article <20190528112834.GA20837 at laperouse.bortzmeyer.org> you write:
>RFC 6604 clearly says that the return code must be the last of the
>chain of aliases, ...

It says:

      When an xNAME chain is followed, all but the last query cycle
      necessarily had no error.  The RCODE in the ultimate DNS response
      MUST BE set based on the final query cycle leading to that

"When an xNAME chain is followed" sounds to me like it's defining the
result from the cache, not from the authoritative server.

Now I'm looking at RFC 6672, which is newer than 6604, and I'm
somewhat confused trying to follow the steps in the server algorithm
in section 3.2 for a non-recursive server.

I think it says that if my server has a resolver and a cache, I should
follow the CNAME, in steps 4 and 5.  If it doesn't, it falls through
and drops off the end.

So they're both right depending on whether or not the server has a
cache.  The servers that return NXDOMAIN are running BIND, and the
other two that return NOERROR are not, which makes sense since BIND
mixes authoritative and cache in the same program while the other
servers don't.


John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

More information about the dns-operations mailing list