[Pdns-users] PowerDNS API and RFC in relation to CNAMEs
Peter Thomassen
peter at desec.io
Wed Jun 14 07:50:20 UTC 2017
Hi Diego,
On 05/08/2017 11:59 AM, Diego Bellini wrote:
> I have created a CNAME “ciao8.rainbow.com” using API
>
> After that I tried to create an A record with the same name
> “ciao8.rainbow.com” and the API allowed me to do so
>
> Is this a wanted behaviour?
>
> By RFC shouldn’t this be not allowed because
>
> “/"A CNAME record is not allowed to coexist with any other data."”/
In DNS responses, pdns returns just the CNAME record, hiding the other
records, according to my tests.
Caveat: NSEC3 (and probably also NSEC) records do reveal the presence of
the other records in the database. I think this is a bug -- I'm going to
open an issue on github.
Cheers,
Peter
--
OpenPGP Fingerprint: 7963 D427 FD32 AC6F D20F D0B1 EFD6 143A 3EF2 2D2F
Verwirrender Anhang? Das ist eine digitale Unterschrift.
Details: https://www.anonym-surfen.de/help/email-openpgp.html
deSEC
Maybachufer 9
12047 Berlin
Germany
phone: +49-30-47384344
Vertreten durch: Dr. Peter Thomassen, Nils Wisiol
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170614/c3634a66/attachment.sig>
More information about the Pdns-users
mailing list