Subject: BIND ignoring NS records when the domain name is CNAME
Date: Mon, 24 Aug 2015 10:02:37 +0200
To: bind-suggest@isc.org
From: "Tomas Hozza" <thozza@redhat.com>
Hello.
I've been working on one issue with BIND in RHEL-7, where
BIND is not able to resolve some specific domain names, while
for example Unbound is.
The issue is easily reproducible with the domain romp.net.nz.
The root cause is that the domain (more precisely the domains
that are NS for the domain) are violating RFC 2181 section 10.3,
since the NS records in these are only CNAME to another record
of the actual Authoritative nameserver.
From the source, it is obvious that BIND accounts for the possibility
of NS being only CNAME and ignores the NS in such a case.
This is happening in lib/dns/resolver.c:3030 in function findname().
Although this is a problem of the domain and BIND is not really
obliged to handle RFC violations in domains, some other DNS resolvers
like Unbound are able to cope with this situation. I would like
to ask how likely you would be to accept a patch (or change the code)
for successfully handling such a situation?
I'm attaching a debug log from BIND in RHEL-7 illustrating the case.
Thank you in advance.
Regards,
--
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience
PGP: 1D9F3C2D
UTC+2 (CEST)
Red Hat Inc. http://cz.redhat.com
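
The condition described in the message above (an NS target that is itself a CNAME, which RFC 2181 section 10.3 forbids) can be checked for in zone data before it causes resolution failures. The following is an added example, not part of the original message or of BIND's code; the record set, names and function names are constructed for illustration.

```python
# Added example: lint DNS records for NS targets that are CNAME aliases
# (RFC 2181 section 10.3). All names and addresses are constructed sample data.

SAMPLE_RECORDS = """
example.test.         IN NS    ns1.provider.test.
example.test.         IN NS    ns2.provider.test.
ns1.provider.test.    IN CNAME real-ns.hosting.test.
real-ns.hosting.test. IN A     192.0.2.53
ns2.provider.test.    IN A     192.0.2.54
loop.test.            IN NS    a.loop.test.
a.loop.test.          IN CNAME b.loop.test.
b.loop.test.          IN CNAME a.loop.test.
"""

def parse(text):
    """Return (ns, cname) maps built from 'owner IN TYPE rdata' lines."""
    ns, cname = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1].upper() != "IN":
            continue  # skip blank or unsupported lines
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3].lower()
        if rtype == "NS":
            ns.setdefault(owner, []).append(rdata)
        elif rtype == "CNAME":
            cname[owner] = rdata
    return ns, cname

def follow(name, cname, limit=8):
    """Follow a CNAME chain; return the final name, or None on a loop or over-long chain."""
    seen = set()
    while name in cname:
        if name in seen or len(seen) >= limit:
            return None
        seen.add(name)
        name = cname[name]
    return name

def aliased_ns(text):
    """List (zone, ns_target, canonical_name_or_None) for every NS target that is an alias."""
    ns, cname = parse(text)
    return [(zone, target, follow(target, cname))
            for zone, targets in sorted(ns.items())
            for target in targets if target in cname]

if __name__ == "__main__":
    for zone, target, final in aliased_ns(SAMPLE_RECORDS):
        print(f"{zone} NS {target} is a CNAME -> {final or 'unresolvable chain'}")
```

A strict resolver may discard every flagged NS record, so a zone whose delegations all appear in this list can become unresolvable for some clients while still working for others.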