Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apex SOA/NS not included in answers after CNAME aliasing #6630

Open
EchoStone1101 opened this issue Apr 21, 2024 · 1 comment
Open

Apex SOA/NS not included in answers after CNAME aliasing #6630

EchoStone1101 opened this issue Apr 21, 2024 · 1 comment
Assignees
@shiv-tyagi
Labels
bug

Comments

@EchoStone1101
Copy link

What happened:

When the query is aliased to the zone origin after hitting a CNAME, the apex SOA/NS records are not included in the ANSWER section, if the query type is SOA/NS.

How to reproduce it (as minimally and precisely as possible):

Using the following zone file (b.a.txt):

b.a.		500 IN SOA	mname.com. rname.com. 3 604800 86400 2419200 604800
b.a.		500 IN NS	h.b.a.
b.a.        500 IN A    1.1.1.1
d.b.a.		500 IN CNAME	b.a.
h.b.a.		500 IN A	100.235.151.110

and this Corefile:

b.a.:1053 {
    header {
        response set ra
    }
    file b.a.txt
}

Response for querying <d.b.a., SOA> (output beautified):

root@e10adfbeed3f:/v# dig @127.0.0.1 -p 1053 d.b.a. SOA

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;d.b.a.                         IN      SOA

;; ANSWER SECTION:
d.b.a.                  500     IN      CNAME   b.a.

;; AUTHORITY SECTION:
b.a.                    500     IN      NS      h.b.a.

What you expected to happen:

The ANSWER section should also include the b.a. SOA record because it matches the CNAME target and the query type.

Anything else we need to know?:

Environment:

  • the version of CoreDNS: CoreDNS-1.11.1, linux/arm64, go1.21.5, 45923b6e
  • Corefile: given above.
  • OS: this uses the docker environment from "Compilation with Docker".
  • Others:

This issue is more intricate than it appears: if the b.a. A record is removed, then the query d.b.a. SOA does return the SOA record in the ANSWER section!

For more related test results:

  • Querying for b.a. SOA directly works as intended (SOA included in ANSWER).
  • The same issue also applies to apex NS records (change every query type above into NS and the behavior is the same).
  • Finally, bind9 handles this correctly under the same setup.
@shiv-tyagi
Copy link

Hi @EchoStone1101! I'm new here. I tried coredns recently and I love it. I would like to contribute to the project. I have gone through the basic documentation. I would like to try working on this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shiv-tyagi shiv-tyagi

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shiv-tyagi @EchoStone1101