[Pdns-users] Rcode 3 NXDOMAIN for existing CNAME
Christoph
cm at appliedprivacy.net
Sun Mar 26 09:58:53 UTC 2023
Hi Peter Thomassen,
>> Since this is the background of the DNS query I find your suggestion a
>> valid solution for the problem that lego could implement.
>
> I agree! Thanks for clearing this up, I was on the wrong track about
> what the goal of that query was.
I looked at the pcap again - the one you also have -
and it turns out that lego already asks for a CNAME - not TXT - record
and the answer is NXDOMAIN.
-------------
Domain Name System (response)
    Transaction ID: 0xc277
    Flags: 0x8183 Standard query response, No such name
    Questions: 1
    Answer RRs: 1
    Authority RRs: 1
    Additional RRs: 1
    Queries
        _acme-challenge.bender-doh.applied-privacy.net: type CNAME,<<<<
        class IN
            Name: _acme-challenge.bender-doh.applied-privacy.net
            [Name Length: 46]
            [Label Count: 4]
            Type: CNAME (Canonical NAME for an alias) (5)
            Class: IN (0x0001)
    Answers
        _acme-challenge.bender-doh.applied-privacy.net: type CNAME,
        class IN, cname bender-doh.acme-dns-challenge.applied-privacy.net
            Name: _acme-challenge.bender-doh.applied-privacy.net
            Type: CNAME (Canonical NAME for an alias) (5)
            Class: IN (0x0001)
            Time to live: 86400 (1 day)
            Data length: 32
            CNAME: bender-doh.acme-dns-challenge.applied-privacy.net
    Authoritative nameservers
    Additional records
-------------
So now I suspect the recursive resolver (not pdns)
does something unexpected, but I have to analyze
all recursive resolver DNS traffic before making
further conclusions.
Thanks!
Christoph