thr3ads.net - nsd users - [nsd-users] Too many authority records when a CNAME crosses a zone cut? [Jun 2010]

If this information is useful, please help other people find it:
Share via:

Stephane Bortzmeyer

2010-Jun-04 15:08 UTC

[nsd-users] Too many authority records when a CNAME crosses a zone cut?

Test the CNAME bidon.sources.org. It crosses a zone cut. A NSD name
server sends authority records for both domains:

% dig @ns3.bortzmeyer.org A bidon.sources.org        
...
;; AUTHORITY SECTION:
sub.sources.org.        86400   IN      NS      ns3.bortzmeyer.org.
sub.sources.org.        86400   IN      NS      munzer.bortzmeyer.org.
sources.org.            86400   IN      NS      ns3.bortzmeyer.org.
sources.org.            86400   IN      NS      ns4.generic-nic.net.
sources.org.            86400   IN      NS      ns6.gandi.net.
sources.org.            86400   IN      NS      munzer.ipv6.bortzmeyer.org.
sources.org.            86400   IN      NS      munzer.bortzmeyer.org.

When BIND only sends for one domain:

% dig @ns4.generic-nic.net A bidon.sources.org 
...
;; AUTHORITY SECTION:
sub.sources.org.        86400   IN      NS      munzer.bortzmeyer.org.
sub.sources.org.        86400   IN      NS      ns3.bortzmeyer.org.

I do not know which is right but the fact is that the BIND resolver
complains (that's how we noticed it, the setup above was done just to
reproduce the bug):

named[23925]: DNS format error from 192.93.0.4#53 resolving
nspublisher.secure.example/A for client 192.134.4.150#50438:
multiple NS RRsets in authority section

nsd users - Jun 2010 - Too many authority records when a CNAME crosses a zone cut?

[nsd-users] Too many authority records when a CNAME crosses a zone cut?