Closed Kaptnik closed 1 year ago
Unbound returns the response from the msg cache. In iterator.c, Unbound stores the query type from the upstream response of the authoritative server: https://github.com/NLnetLabs/unbound/blob/6b2e96430e925245d3633ce831810e386c9c6ffd/iterator/iterator.c#L2867. Unbound modifies the query from CNAME to A before sending it upstream and stores the CNAME response as an A response in the msg cache.
Suggested FIX – store original query type in msg cache instead of query type from response. Use query type from qchase structure.
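A simplified model of the cache-key mismatch described in the comment above, as an added example that is not Unbound's code and not part of the original thread. The names struct query, cache_store and cache_lookup are hypothetical; only the choice of cache key (type of the rewritten upstream query versus the qchase type) mirrors the suggested fix.

```c
#include <stdio.h>
#include <string.h>
enum { T_A = 1, T_CNAME = 5 };            /* DNS RR type codes */

/* Toy message cache keyed on (qname, qtype); has_a = message contains an A record. */
struct entry { char qname[64]; int qtype; int has_a; int used; };
static struct entry cache[8];

static void cache_store(const char *qname, int qtype, int has_a) {
    for (int i = 0; i < 8; i++) {
        if (cache[i].used) continue;
        snprintf(cache[i].qname, sizeof cache[i].qname, "%s", qname);
        cache[i].qtype = qtype;
        cache[i].has_a = has_a;
        cache[i].used = 1;
        return;
    }
}

static const struct entry *cache_lookup(const char *qname, int qtype) {
    for (int i = 0; i < 8; i++)
        if (cache[i].used && cache[i].qtype == qtype && strcmp(cache[i].qname, qname) == 0)
            return &cache[i];
    return NULL;
}

/* Hypothetical stand-in for the two views of one query: the type the client
 * asked for (qchase) and the type carried by the rewritten upstream query. */
struct query { const char *qname; int qchase_type; int sent_type; };

/* Client asks CNAME, the upstream query is rewritten to A, and the reply
 * (a CNAME record only) is cached under the key the policy selects. */
static void resolve_cname_query(const char *qname, int key_on_sent_type) {
    struct query q = { qname, T_CNAME, T_A };
    cache_store(q.qname, key_on_sent_type ? q.sent_type : q.qchase_type, 0);
}

/* Returns 1 when a following A query is served a cached CNAME-only message. */
int a_query_gets_cname_only(int key_on_sent_type) {
    memset(cache, 0, sizeof cache);
    resolve_cname_query("drive.aexp.com.", key_on_sent_type);
    const struct entry *e = cache_lookup("drive.aexp.com.", T_A);
    return e != NULL && !e->has_a;
}

int main(void) {
    printf("keyed on sent type:   %d\n", a_query_gets_cname_only(1));
    printf("keyed on qchase type: %d\n", a_query_gets_cname_only(0));
}
```

With the key taken from the rewritten query, the A lookup hits the CNAME-only entry; with the key taken from the qchase type, the A lookup misses and would be resolved normally.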
How is your unbound.conf configured?
For me, when qname-minimisation is set, it is fine to dig CNAME and A:
[root@unbound]# dig ns.safenet.com @9.82.187.162 CNAME
; <<>> DiG 9.16.23 <<>> ns.safenet.com @9.82.187.162 CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21254
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns.safenet.com. IN CNAME
;; ANSWER SECTION:
ns.safenet.com. 287 IN CNAME www.safenet.com.
;; Query time: 0 msec
;; SERVER: 9.82.187.162#53(9.82.187.162)
;; WHEN: Tue Mar 22 17:13:36 CST 2022
;; MSG SIZE rcvd: 61
[root@unbound]# dig ns.safenet.com @9.82.187.162 A
; <<>> DiG 9.16.23 <<>> ns.safenet.com @9.82.187.162 A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32391
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ns.safenet.com. IN A
;; ANSWER SECTION:
ns.safenet.com. 281 IN CNAME www.safenet.com.
www.safenet.com. 288 IN A 10.10.10.12
;; Query time: 0 msec
;; SERVER: 9.82.187.162#53(9.82.187.162)
;; WHEN: Tue Mar 22 17:13:42 CST 2022
;; MSG SIZE rcvd: 77
This seems like a duplicate of #412. Could you verify that the issue is resolved with 1.15.0?
Closing as inactive; the duplicate issue is already resolved.
Describe the bug
When qname-minimisation is enabled, if we send a CNAME query for a domain followed by an A query, and if both record sets exist, Unbound only returns the CNAME records, even for the A query.
To reproduce
Steps to reproduce the behavior:
Query the CNAME record followed by the A record for a domain, drive.aexp.com. Assuming Unbound is running locally and you have the dig command line tool set up:
dig @localhost drive.aexp.com CNAME
dig @localhost drive.aexp.com A
Expected behavior
For the second query, Unbound should return the A record for the domain, but Unbound only returns the CNAME record for both queries.
System:
unbound -V
output: