Maintained by: NLnet Labs

[Unbound-users] Puzzling behavior with DNAME

Stephane Bortzmeyer
Tue May 25 13:44:23 CEST 2010


I'm playing with māori domain names
<http://www.te-reo.maori.dns.net.nz/> and Unbound's behavior surprises
me.

There is a DNAME from māori.dns.net.nz (xn--mori-qsa.dns.net.nz) to
maori.dns.net.nz:

% dig ANY te-reo.xn--mori-qsa.dns.net.nz                                   
...
;; ANSWER SECTION:
xn--mori-qsa.dns.net.nz. 86400  IN      DNAME   maori.dns.net.nz.
te-reo.xn--mori-qsa.dns.net.nz. 0 IN    CNAME   te-reo.maori.dns.net.nz.
te-reo.maori.dns.net.nz. 3437   IN      A       202.160.48.39

When the name does not exist, a BIND resolver tells me NXDOMAIN:

% dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz 
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57869

But Unbound 1.4.1 tells me NOERROR, which seems wrong:

% dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz 

; <<>> DiG 9.5.1-P3 <<>> ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3907
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;tagadatsointsoin.xn--mori-qsa.dns.net.nz. IN ANY

;; ANSWER SECTION:
xn--mori-qsa.dns.net.nz. 86400  IN      DNAME   maori.dns.net.nz.
tagadatsointsoin.xn--mori-qsa.dns.net.nz. 0 IN CNAME tagadatsointsoin.maori.dns.net.nz.

;; AUTHORITY SECTION:
maori.dns.net.nz.       3600    IN      SOA     loopback.dns.net.nz. soa.nzrs.net.nz. 2010051262 3600 1200 604800 3600

;; Query time: 290 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue May 25 13:43:40 2010
;; MSG SIZE  rcvd: 179

I confess I have little experience with DNAMEs. Am I wrong to say that
Unbound is wrong?