[Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN
Brian Candler
b.candler at pobox.com
Tue Jun 22 15:05:12 UTC 2021
On 22/06/2021 15:54, Thomas wrote:
> Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost"
> I (think) get correct result:
>
>
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it
> +nostats +nocomments +nocmd @localhost
> ;; global options: +cmd
> ;www.zur-sonne.it. IN A
> www.zur-sonne.it. 10800 IN CNAME cms-v2.sihosting.cloud.
>
> And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to
> localhost to query from. Correct?
I believe you're right. nslookup thinks it's talking to a recursive
nameserver, and wants to chase the CNAME record. However I would not
have expected an NXDOMAIN response here; your nameserver ought to have
returned REFUSED. It seems like you've made your nameserver
authoritative for the entire DNS (or at least, for sihosting.cloud)
For that dig command line, when talking to an authoritative nameserver,
I'd also recommend you add the "+norec" flag, which makes it explicit
that you don't want to recurse.
More information about the Pdns-users
mailing list