[Pdns-users] PDNS Authoritative and CNAME pointing to external Domain responds with NXDOMAIN

Brian Candler b.candler at pobox.com
Tue Jun 22 15:05:12 UTC 2021

On 22/06/2021 15:54, Thomas wrote:
> Doing a "dig www.zur-sonne.it +nostats +nocomments +nocmd @localhost" 
> I (think) get correct result:
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 <<>> www.zur-sonne.it 
> +nostats +nocomments +nocmd @localhost
> ;; global options: +cmd
> ;www.zur-sonne.it.              IN      A
> www.zur-sonne.it.       10800 IN      CNAME cms-v2.sihosting.cloud.
> And nslookup can not resolve cms-v2.sihosting.cloud as I pointed it to 
> localhost to query from. Correct?

I believe you're right.  nslookup thinks it's talking to a recursive 
nameserver, and wants to chase the CNAME record. However I would not 
have expected an NXDOMAIN response here; your nameserver ought to have 
returned REFUSED.  It seems like you've made your nameserver 
authoritative for the entire DNS (or at least, for sihosting.cloud)

For that dig command line, when talking to an authoritative nameserver, 
I'd also recommend you add the "+norec" flag, which makes it explicit 
that you don't want to recurse.

More information about the Pdns-users mailing list