[dns-operations] Ultra DNS responding with NXDOMAIN for "www.uber.com"

Shreyas Zare shreyas at technitium.com
Sun Aug 8 09:50:24 UTC 2021


Thanks everyone for the useful responses.

On Sun, Aug 8, 2021 at 9:08 AM Dave Lawrence <tale at dd.org> wrote:

> I agree with Viktor that the parent should have delegation records for
> the same-server child, but note that response with the rcode NXDOMAIN
> for a CNAME chain shouldn't be causing a problem for a modern
> resolver.  A resolver should restart query processing with the target
> of each CNAME in the chain, and ultimately come to its own conclusion
> about whether the target at the end of the chain exists.
> I suspect that this issue existed for a while and the lack of
> screaming about it hints to me that for the vast majority of clients
> things continued to work fine.  FWIW, from my network vantage point,
> when querying edns126.ultradns.com for type A directly I get a
> response that has rcode NOERROR and terminates the chain with an
> address record.
> Shreyas, did you encounter a production resolver that was having a
> problem with chain/NXDOMAIN response?

Yes, this was an issue in the code I have in production but has been
mitigated. The resolver I have does restart for the last CNAME regardless
of the RCODE but, the negative cache implementation based on RFC2308 and
RFC8020 caused the NXDOMAIN response to get cached causing the issue.

*Shreyas Zare*
Technitium <https://technitium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210808/4ee005af/attachment.html>

More information about the dns-operations mailing list