'*' in Rdata causes the return code to be NOERROR instead of NX
SivaKesava1 opened this issue · comments
Hi again,
Short description
When the target of a CNAME that belongs to the same zone does not exist, it is returned with the NXDOMAIN return code. NSD handles this very well except when there is a * label in the Rdata. It returns with NOERROR, whereas Bind, Knot, and PowerDNS return with NXDOMAIN (Sorry for nitpicking a minor corner case).
Steps to reproduce
Consider the following sample zone file:
campus.edu.      500 SOA   ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu.      500 NS    ns1.outside.edu.
foo.campus.edu.  500 CNAME www.*.campus.edu.
For the query <foo.campus.edu., A> the answer from the NSD server is:
"rcode NOERROR",
"flags QR AA",
";QUESTION",
"foo.campus.edu. IN A",
";ANSWER",
"foo.campus.edu. 500 IN CNAME www.*.campus.edu.",
";AUTHORITY",
";ADDITIONAL"
Expected/Actual behavior
The answer section would be the same for the above query, but the RCODE should be NXDOMAIN.
Thank you for your quick replies.
Fixed it. It has to do with the internal data structure for storing domains in the memory of NSD; there a domain struct is created for the right hand of the CNAME, and it is set to be non-existing. The is_existing was not checked for the wildcard expansion, and this is fixed by the commit. So this fix is only for CNAMEs to a wildcard right hand, where that wildcard right hand does not exist in the zone. Thanks for the report!
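
The behaviour described in the reply above, as a simplified Python model added here (it is not NSD's code and not part of the thread). The table layout and the names `build`, `rcode` and `check_existing` are assumptions made for illustration; the zone is the one from the report.

```python
# Simplified model of an authoritative name table (illustrative, not NSD's code).
ORIGIN = "campus.edu."
ZONE = [  # zone from the report above
    ("campus.edu.", "SOA", "ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300"),
    ("campus.edu.", "NS", "ns1.outside.edu."),
    ("foo.campus.edu.", "CNAME", "www.*.campus.edu."),
]

def parent(name):
    return name.split(".", 1)[1]

def in_zone(name):
    return name == ORIGIN or name.endswith("." + ORIGIN)

def build(records):
    table = {}  # name -> {"existing": bool, "rr": {type: rdata}}
    def node(name):  # create name and its ancestors as non-existing placeholders
        if name not in table:
            table[name] = {"existing": False, "rr": {}}
            if name != ORIGIN:
                node(parent(name))
        return table[name]
    for owner, rtype, rdata in records:
        node(owner)["rr"][rtype] = rdata
        n = owner
        while True:  # an owner name and its ancestors exist in the zone
            table[n]["existing"] = True
            if n == ORIGIN:
                break
            n = parent(n)
        if rtype == "CNAME" and in_zone(rdata):
            node(rdata)  # in-zone target: placeholder only, stays non-existing
    return table

def rcode(table, qname, qtype, check_existing):
    name = qname
    for _ in range(8):  # bound the CNAME chain
        if not in_zone(name):
            return "NOERROR"  # name outside the zone: this model does not judge it
        n = table.get(name)
        if not (n and n["existing"]):
            ce = parent(name)  # walk up to the closest existing encloser
            while not table.get(ce, {}).get("existing"):
                ce = parent(ce)
            n = table.get("*." + ce)  # wildcard child of the closest encloser
            # The flaw: a placeholder wildcard node passes when existence is unchecked.
            if not (n and (n["existing"] or not check_existing)):
                return "NXDOMAIN"
        if qtype in n["rr"] or "CNAME" not in n["rr"]:
            return "NOERROR"  # answer or NODATA
        name = n["rr"]["CNAME"]
    return "SERVFAIL"
```

With `check_existing=False` the placeholder `*.campus.edu.` created for the CNAME target is taken as a wildcard match and the query for `foo.campus.edu.` ends in NOERROR; with the check it ends in NXDOMAIN, while a real wildcard record still expands.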