[Pdns-users] Don't return dereferenced CNAMEs

Aki Tuomi cmouse at youzen.ext.b2.fi
Tue Jun 9 06:32:07 UTC 2015


On Tue, Jun 09, 2015 at 09:19:09AM +0300, Aki Tuomi wrote:
> On Mon, Jun 08, 2015 at 05:04:50PM -0500, ktm at rice.edu wrote:
> > On Mon, Jun 08, 2015 at 02:51:13PM -0700, Mark Moseley wrote:
> > > I'm curious if there's a setting to tell powerdns not to be helpful and
> > > return the dereferenced CNAME.
> > > 
> > > That is, if I look up a given record and it's a CNAME that then points to
> > > an A record, don't try to then *also* return a lookup of the A record along
> > > with the CNAME.
> > > 
> > > The reasons for why it'd happen in our setup are annoying and I don't want
> > > to go into it :)
> > > 
> > > I've tried setting out-of-zone-additional-processing to 'no' but that
> > > doesn't seem to change anything.
> > > 
> > > It doesn't to break anything (and presumably a resolver that paid attention
> > > to these records would be subject to cache poisoning). But it's kind of
> > > weird and could be confusing to people looking at manual lookups.
> > 
> > Hi Mark,
> > 
> > I think you will find that a lot of software will work quite poorly if
> > you do this. If you are performing a manual lookup, just ask for the
> > CNAME type in the lookup and that is what you will get.
> > 
> > Regards,
> > Ken
> >
> 
> It will be deferenced if
> 
>  - you asked for something else than cname
>  - you had recursion desired (use +norec)
>  - the server has recursor setting defined
>  - or has local answer
> 
> Aki

A smsll clarification, I intended to say that use +norec to 
negate dig default which is to set recursion desired on. 

Aki 




More information about the Pdns-users mailing list