[Pdns-users] DNSSEC and CNAME records results NXDOMAIN

Klaus Darilion klaus.darilion at nic.at
Fri Apr 22 16:06:25 UTC 2022 

I do not see any difference of the two cases. But in any case, returning an answer AND nxdomain is just broken.


# dig @ns1.mijn.host. autodiscover.egogo.eu
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62514
...
;; QUESTION SECTION:
;autodiscover.egogo.eu.         IN      A

;; ANSWER SECTION:
autodiscover.egogo.eu.  900     IN      CNAME   autodiscover.outlook.com.

;; AUTHORITY SECTION:
.                       3600    IN      SOA     ns1.mijn.host. hostmaster. 1643556361 10800 3600 604800 3600

this is a very broken setup. SOA reports "." = root zone. 

which pdns version/backend/ zone setup are you using?

regards
Klaus

> -----Ursprüngliche Nachricht-----
> Von: Pdns-users <pdns-users-bounces at mailman.powerdns.com> Im
> Auftrag von Marijn via Pdns-users
> Gesendet: Freitag, 22. April 2022 16:39
> An: pdns-users at mailman.powerdns.com
> Betreff: [Pdns-users] DNSSEC and CNAME records results NXDOMAIN
> 
> I have PowerDNS 4.5.1 running.
> 
> DNSSEC is working on the domain:
> https://dnssec-analyzer.verisignlabs.com/egogo.eu
> 
> ---
> 
> But when I have DNSSEC active and I create a CNAME record, which doesn't
> have DNSSEC, I get a NXDOMAIN error.
> 
> ```
> $ dig CNAME autodiscover.egogo.eu +short
> autodiscover.outlook.com.
> ```
> 
> Here you can see the error
> https://dnssec-analyzer.verisignlabs.com/autodiscover.egogo.eu
> 
> - Zone egogo.eu (83.96.241.95) returns NXDOMAIN for
> autodiscover.egogo.eu
> - No NSEC records in response
> 
> ---
> 
> When I create a CNAME record to a domain with DNSSEC, it's working.
> ```
> $ dig CNAME autodiscover2.egogo.eu +short
> egogo.nl.
> ```
> https://dnssec-analyzer.verisignlabs.com/autodiscover2.egogo.eu
> - No errors
> 
> ---
> 
> Why is DNSSEC not working with CNAME record autodiscover.outlook.com?
> Or could there be something wrong in my configuration?
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list