[Pdns-users] Don't return dereferenced CNAMEs
Aki Tuomi
cmouse at youzen.ext.b2.fi
Tue Jun 9 06:19:09 UTC 2015
On Mon, Jun 08, 2015 at 05:04:50PM -0500, ktm at rice.edu wrote:
> On Mon, Jun 08, 2015 at 02:51:13PM -0700, Mark Moseley wrote:
> > I'm curious if there's a setting to tell powerdns not to be helpful and
> > return the dereferenced CNAME.
> >
> > That is, if I look up a given record and it's a CNAME that then points to
> > an A record, don't try to then *also* return a lookup of the A record along
> > with the CNAME.
> >
> > The reasons for why it'd happen in our setup are annoying and I don't want
> > to go into it :)
> >
> > I've tried setting out-of-zone-additional-processing to 'no' but that
> > doesn't seem to change anything.
> >
> > It doesn't to break anything (and presumably a resolver that paid attention
> > to these records would be subject to cache poisoning). But it's kind of
> > weird and could be confusing to people looking at manual lookups.
>
> Hi Mark,
>
> I think you will find that a lot of software will work quite poorly if
> you do this. If you are performing a manual lookup, just ask for the
> CNAME type in the lookup and that is what you will get.
>
> Regards,
> Ken
>
It will be deferenced if
- you asked for something else than cname
- you had recursion desired (use +norec)
- the server has recursor setting defined
- or has local answer
Aki
More information about the Pdns-users
mailing list