Revertron / Alfis

Alternative Free Identity System
https://alfis.name
GNU Affero General Public License v3.0

Error in CNAME resolving. #348

Open ufm opened 1 year ago

ufm commented 1 year ago

RFC1034 says in 3.6.2:

CNAME RRs cause special action in DNS software.  When a name server
fails to find a desired RR in the resource set associated with the
domain name, it checks to see if the resource set consists of a CNAME
record with a matching class.  If so, the name server includes the CNAME
record in the response and restarts the query at the domain name
specified in the data field of the CNAME record.

but Alfis does not even return the CNAME. For example:

dig -t CNAME _acme-challenge.cc.ygg @302:db60::53 

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> -t CNAME _acme-challenge.cc.ygg @302:db60::53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58429
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.cc.ygg.        IN  CNAME

;; ANSWER SECTION:
_acme-challenge.cc.ygg. 3600    IN  CNAME   9c76e0cb-19eb-4890-8da8-52e49950ed06.auth.acme-dns.io.

I.e. _acme-challenge.cc.ygg has a CNAME record. But when asking for TXT, for example:

dig -t TXT _acme-challenge.cc.ygg @302:db60::53

; <<>> DiG 9.18.12-0ubuntu0.22.04.1-Ubuntu <<>> -t TXT _acme-challenge.cc.ygg @302:db60::53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37959
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_acme-challenge.cc.ygg.        IN  TXT

;; AUTHORITY SECTION:
ygg.            60  IN  SOA ns.alfis.name. admin.alfis.name. 1683777532 3600 300 604800 60

;; Query time: 1207 msec
;; SERVER: 302:db60::53#53(302:db60::53) (UDP)
;; WHEN: Thu May 11 19:15:22 EEST 2023
;; MSG SIZE  rcvd: 106

But at least it should be:

;; ANSWER SECTION:
_acme-challenge.cc.ygg. 3600    IN  CNAME   9c76e0cb-19eb-4890-8da8-52e49950ed06.auth.acme-dns.io.

and the correct answer is:

;; ANSWER SECTION:
_acme-challenge.cc.ygg. 3600    IN  CNAME   9c76e0cb-19eb-4890-8da8-52e49950ed06.auth.acme-dns.io.
9c76e0cb-19eb-4890-8da8-52e49950ed06.auth.acme-dns.io. 1 IN TXT "tAOc2yS8KqyEqqpt2GGEXQ9cTSbvD9sdnNdGegJC7Jk"
9c76e0cb-19eb-4890-8da8-52e49950ed06.auth.acme-dns.io. 1 IN TXT "JeMxgbEqrHwAxU6KSJwmEOC1Wee_NTmdrgryVmKjvmQ"
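
The RFC 1034 section 3.6.2 behaviour requested in the report above, as an added example that is not part of the original thread and not Alfis's own code. The in-memory store, the CNAME target name, the TXT value and the loop records are constructed, and `MAX_CHAIN` is an assumed cap on chain length.

```rust
use std::collections::HashMap;

#[derive(Clone, Debug, PartialEq)]
pub struct Rr { pub name: String, pub rtype: String, pub data: String }
pub type Store = HashMap<String, Vec<Rr>>;

fn rr(name: &str, rtype: &str, data: &str) -> Rr {
    Rr { name: name.into(), rtype: rtype.into(), data: data.into() }
}

// Constructed sample data shaped like the report: a CNAME-only name and its target.
pub fn sample_store() -> Store {
    let mut s = Store::new();
    for r in [
        rr("_acme-challenge.cc.ygg.", "CNAME", "token.auth.example."),
        rr("token.auth.example.", "TXT", "constructed-txt-value"),
        rr("loop-a.cc.ygg.", "CNAME", "loop-b.cc.ygg."),
        rr("loop-b.cc.ygg.", "CNAME", "loop-a.cc.ygg."),
    ] {
        s.entry(r.name.clone()).or_default().push(r);
    }
    s
}

/// On a type miss, include the CNAME in the answer and restart at its target.
pub fn resolve(store: &Store, qname: &str, qtype: &str) -> Vec<Rr> {
    const MAX_CHAIN: usize = 8; // assumed cap on chain length
    let mut answer = Vec::new();
    let mut name = qname.to_ascii_lowercase();
    for _ in 0..MAX_CHAIN {
        let rrset = match store.get(&name) { Some(v) => v, None => break };
        let hits: Vec<Rr> = rrset.iter().filter(|r| r.rtype == qtype).cloned().collect();
        if !hits.is_empty() {
            answer.extend(hits); // direct match, which also covers a query for CNAME itself
            break;
        }
        match rrset.iter().find(|r| r.rtype == "CNAME") {
            Some(c) if !answer.contains(c) => { answer.push(c.clone()); name = c.data.to_ascii_lowercase(); }
            _ => break, // no CNAME at this name, or the chain has looped
        }
    }
    answer
}

fn main() {
    for r in resolve(&sample_store(), "_acme-challenge.cc.ygg.", "TXT") {
        println!("{} IN {} {}", r.name, r.rtype, r.data);
    }
}
```
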

Revertron commented 1 year ago

Thanks for the report. Will fix this soon.

ufm commented 6 months ago

What about the fix?