[Pdns-users] NXDOMAIN on CNAME and UPC

Pawel Panek pawel.panek at cloudaccess.net
Fri May 24 21:16:50 UTC 2013 

Hello PowerDNS Users,

I know this has been discussed many times but I'd like to ask for some
hints how to deal with situation I met. It's about how PowerDNS is
responding with CNAME records pointing to 'external' name. Case example:

; <<>> DiG 9.7.3 <<>> cdn.mydomain.net @dns.mydomain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19922
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;cdn.mydomain.net.            IN      A

;; ANSWER SECTION:
cdn.mydomain.net.     3600    IN      CNAME   randomstr.cloudfront.net.

;; AUTHORITY SECTION:
.                       3600    IN      SOA     dns.mydomain.net.
noc.mydomain.net. 2012042301 10800 3600 604800 300

;; Query time: 205 msec
;; SERVER: 1xx.1xx.1xx.1xx#53(1xx.1xx.1xx.1xx)
;; WHEN: Fri May 24 20:54:31 2013
;; MSG SIZE  rcvd: 143

My concern is NXDOMAIN status. As per discussions and RFC's the answer is
correct. I understand that but the problem is there are some dns resolver
which just don't get it ;).
Clients of mine started report they can't get cdn network to work with
their sites. After investigation everything comes to common point - the
ISP. All of them are using UPC broadband in Europe. When they query default
UPC's name servers they are getting 'couldn't find host' errors. It looks
like this:

nslookup cdn.mydomain.net
Server: ns01.upclive.nl
Address: 62.179.104.196
*** ns01.upclive.nl could not find cdn.mydomain.net: Non-existent domain

tracert cdn.mydomain.net
Could not convert the target name of cdn.mydomain.net.

Seems UPC's dns resolvers rely on dns response status and discard CNAME
answer. Now the question comes in: who is wrong?
There is hundreds of thousands clients in Europe using UPC services. I have
the same reports from people living in Netherlands, Czech Rep.  and Poland.
it's impossible for me to tell all of them to change dns resolvers to other
servers. I would rather bend the rules and adjust PowerDNS status to return
NOERROR for answers like this and have all these people off my back.
Maybe someone from UPC is looking on this list and can share thoughts.
Anyway, any advice on how to deal with this situation would be much
appreciated.

Regards,
Pawel Panek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130524/a6432601/attachment.html>

More information about the Pdns-users mailing list