Maintained by: NLnet Labs

[Unbound-users] Puzzling behavior with DNAME

W.C.A. Wijngaards
Tue May 25 14:46:07 CEST 2010


Hi Stephane,

The reason I put NOERROR in there is because, like with a CNAME, if a
CNAME is followed the answer is NOERROR not NXDOMAIN.  I thought this is
part of the spec (the CNAME algorithm).

Best regards,
   Wouter

On 05/25/2010 01:44 PM, Stephane Bortzmeyer wrote:
> I'm playing with māori domain names
> <http://www.te-reo.maori.dns.net.nz/> and Unbound's behavior surprises
> me.
> 
> There is a DNAME from māori.dns.net.nz (xn--mori-qsa.dns.net.nz) to
> maori.dns.net.nz:
> 
> % dig ANY te-reo.xn--mori-qsa.dns.net.nz                                   
> ...
> ;; ANSWER SECTION:
> xn--mori-qsa.dns.net.nz. 86400  IN      DNAME   maori.dns.net.nz.
> te-reo.xn--mori-qsa.dns.net.nz. 0 IN    CNAME   te-reo.maori.dns.net.nz.
> te-reo.maori.dns.net.nz. 3437   IN      A       202.160.48.39
> 
> When the name does not exist, a BIND resolver tells me NXDOMAIN:
> 
> % dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz 
> ...
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57869
> 
> But Unbound 1.4.1 tells me NOERROR, which seems wrong:
> 
> % dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz 
> 
> ; <<>> DiG 9.5.1-P3 <<>> ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3907
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;tagadatsointsoin.xn--mori-qsa.dns.net.nz. IN ANY
> 
> ;; ANSWER SECTION:
> xn--mori-qsa.dns.net.nz. 86400  IN      DNAME   maori.dns.net.nz.
> tagadatsointsoin.xn--mori-qsa.dns.net.nz. 0 IN CNAME tagadatsointsoin.maori.dns.net.nz.
> 
> ;; AUTHORITY SECTION:
> maori.dns.net.nz.       3600    IN      SOA     loopback.dns.net.nz. soa.nzrs.net.nz. 2010051262 3600 1200 604800 3600
> 
> ;; Query time: 290 msec
> ;; SERVER: ::1#53(::1)
> ;; WHEN: Tue May 25 13:43:40 2010
> ;; MSG SIZE  rcvd: 179
> 
> I confess I have little experience with DNAMEs. Am I wrong to say that
> Unbound is wrong?

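The response shape discussed in this thread, as an added example (not written by either poster and not Unbound or BIND code): it parses dig-style output, follows the CNAME/DNAME chain, and reports whether the final name has any record, so the header status can be compared with where the chain ends. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: header and record lines of the Unbound 1.4.1 response quoted above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3907
;; ANSWER SECTION:
xn--mori-qsa.dns.net.nz. 86400  IN      DNAME   maori.dns.net.nz.
tagadatsointsoin.xn--mori-qsa.dns.net.nz. 0 IN CNAME tagadatsointsoin.maori.dns.net.nz.
;; AUTHORITY SECTION:
maori.dns.net.nz. 3600 IN SOA loopback.dns.net.nz. soa.nzrs.net.nz. 2010051262 3600 1200 604800 3600
"""

def norm(name):
    return name.lower().rstrip(".") + "."

def dname_substitute(qname, owner, target):
    """Rewrite a name below a DNAME owner onto its target; None if not below it."""
    q, o = norm(qname), norm(owner)
    below = q != o and q.endswith("." + o)  # the owner itself is not redirected
    return q[:-len(o)] + norm(target) if below else None

def parse_dig(text):
    """Return (status, [(owner, type, rdata), ...]) for the ANSWER section."""
    status = re.search(r"status: (\w+)", text).group(1)
    answers, section = [], None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section == "ANSWER" and line.strip() and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((norm(owner), rtype, rdata.strip()))
    return status, answers

def follow_chain(qname, answers):
    """Follow CNAME/DNAME records from qname; return (final name, has_data)."""
    name, seen = norm(qname), set()
    while name not in seen:
        seen.add(name)
        owned = {rtype: rdata for owner, rtype, rdata in answers if owner == name}
        if not owned:  # no record here: try a DNAME rewrite, else the chain ends empty
            hops = [r for o, t, d in answers if t == "DNAME" and (r := dname_substitute(name, o, d))]
            if not hops:
                return name, False
            name = hops[0]
        elif "CNAME" in owned:
            name = norm(owned["CNAME"])
        else:
            return name, True  # a non-alias record exists at the end of the chain
    return name, False  # alias loop
```

Running `follow_chain` on the same query against two resolvers and comparing each result with the parsed status shows where their rcode handling differs.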