Closed SivaKesava1 closed 8 months ago
Thanks for the feedback. Will get this fixed soon.
Thanks again for the feedback. I tried this on the latest release (v11.4.1) and could not reproduce it. I am seeing correct NXDOMAIN response (see screenshots below).
Below is the test zone:
This is the response I get with the built-in DNS Client:
{
"Metadata": {
"NameServer": "server1 (127.0.0.1)",
"Protocol": "Udp",
"DatagramSize": "186 bytes",
"RoundTripTime": "24.25 ms"
},
"EDNS": {
"UdpPayloadSize": 1232,
"ExtendedRCODE": "NxDomain",
"Version": 0,
"Flags": "None",
"Options": []
},
"Identifier": 0,
"IsResponse": true,
"OPCODE": "StandardQuery",
"AuthoritativeAnswer": true,
"Truncation": false,
"RecursionDesired": true,
"RecursionAvailable": false,
"Z": 0,
"AuthenticData": false,
"CheckingDisabled": false,
"RCODE": "NxDomain",
"QDCOUNT": 1,
"ANCOUNT": 2,
"NSCOUNT": 1,
"ARCOUNT": 1,
"Question": [
{
"Name": "example.bank.foo.www",
"Type": "NS",
"Class": "IN"
}
],
"Answer": [
{
"Name": "foo.www",
"Type": "DNAME",
"Class": "IN",
"TTL": "500 (8 mins 20 sec)",
"RDLENGTH": "20 bytes",
"RDATA": {
"Domain": "example.fnni.*.www"
},
"DnssecStatus": "Disabled"
},
{
"Name": "example.bank.foo.www",
"Type": "CNAME",
"Class": "IN",
"TTL": "500 (8 mins 20 sec)",
"RDLENGTH": "30 bytes",
"RDATA": {
"Domain": "example.bank.example.fnni.*.www"
},
"DnssecStatus": "Disabled"
}
],
"Authority": [
{
"Name": "www",
"Type": "SOA",
"Class": "IN",
"TTL": "500 (8 mins 20 sec)",
"RDLENGTH": "51 bytes",
"RDATA": {
"PrimaryNameServer": "ns1.outside.edu",
"ResponsiblePerson": "root@campus.edu",
"Serial": 5,
"Refresh": 900,
"Retry": 300,
"Expire": 604800,
"Minimum": 900
},
"DnssecStatus": "Disabled"
}
],
"Additional": [
{
"Name": "",
"Type": "OPT",
"Class": "1232",
"TTL": "0 (0 sec)",
"RDLENGTH": "0 bytes",
"RDATA": {
"Options": []
},
"DnssecStatus": "Disabled"
}
]
}
Can you confirm this again on your setup, and whether you are running the latest release?
I forgot to add another record that was present in the original test case 23 when I copied it over into the bug report. I think that affects it, as it involves wildcards. I am not using the UI client. I am running the DnsServer in a container on a remote machine. Here are the details. Please let me know if you need any additional info.
{
"displayName": "Administrator",
"username": "admin",
"token": "36333e221d591435e484672322d0a1b4cd8a6019f8d92408d07b62fbe25b2b95",
"info": {
"version": "11.4.1",
"uptimestamp": "2023-09-28T17:44:17.9557199Z",
"dnsServerDomain": "e8de0a8edfb2",
"defaultRecordTtl": 3600,
"permissions": {
....
}
},
"status": "ok"
}
{
"response": {
"zone": {
"name": "www",
"type": "Primary",
"internal": false,
"dnssecStatus": "Unsigned",
"notifyFailed": false,
"notifyFailedFor": [],
"disabled": false
},
"records": [
{
"name": "www",
"type": "NS",
"ttl": 500,
"disabled": false,
"rData": {
"nameServer": "ns1.outside.edu"
},
"dnssecStatus": "Unknown",
"lastUsedOn": "0001-01-01T00:00:00"
},
{
"name": "www",
"type": "SOA",
"ttl": 500,
"disabled": false,
"rData": {
"primaryNameServer": "ns1.outside.edu",
"responsiblePerson": "root@campus.edu",
"serial": 10,
"refresh": 604800,
"retry": 86400,
"expire": 2419200,
"minimum": 604800,
"useSerialDateScheme": false
},
"dnssecStatus": "Unknown",
"lastUsedOn": "2023-09-28T17:50:38.3494543Z"
},
{
"name": "*.www",
"type": "A",
"ttl": 500,
"disabled": false,
"rData": {
"ipAddress": "1.1.1.1"
},
"dnssecStatus": "Unknown",
"lastUsedOn": "0001-01-01T00:00:00"
},
{
"name": "foo.www",
"type": "DNAME",
"ttl": 500,
"disabled": false,
"rData": {
"dname": "example.fnni.*.www"
},
"dnssecStatus": "Unknown",
"lastUsedOn": "2023-09-28T17:50:38.3460811Z"
}
]
},
"status": "ok"
}
> I forgot to add another record that was present in the original test case 23 when I copied it over into the bug report. I think that affects it, as it involves wildcards.
Oh ok. Will test it again on my setup.
> I am not using the UI client. I am running the DnsServer in a container on a remote machine.
The UI is available on the same HTTP API URL itself. Just try it on any web browser.
Thanks again for the report. Technitium DNS Server v11.5.2 is now available that fixes this issue. Do update and let me know your feedback.
Hi,
This is related to if 'A CNAME B' (even for a synthesized CNAME) exists in a zone, but B (related to the same zone) does not exist, then the return code should be NXDOMAIN. RFC 6604 mentions that
Consider the following zone file.
For the query <example.bank.foo.www., NS>, the Technitium server returns the following response:
What you expected to happen: The expected response is the same as above except that the rcode should be NXDOMAIN. This is using the test case 23 from the FerretDataset.
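The expected rcode for this query can be worked through by hand. The sketch below is an added example, not Technitium's code or part of the original report. It assumes the four-record zone listed earlier in the thread, treats alias targets that leave the zone as NOERROR, and does not follow a CNAME stored at a wildcard; `resolve` and its helpers are hypothetical names.

```python
# Zone constructed from the record listing on this page: (owner, type) -> rdata.
ZONE = {
    ("www", "NS"): "ns1.outside.edu",
    ("www", "SOA"): "ns1.outside.edu root@campus.edu",
    ("*.www", "A"): "1.1.1.1",
    ("foo.www", "DNAME"): "example.fnni.*.www",
}
APEX = "www"


def norm(name):
    return name.lower().rstrip(".")


def existing_nodes(zone, apex):
    """Owner names plus empty non-terminals between each owner and the apex."""
    nodes = {apex}
    for owner, _ in zone:
        labels = owner.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate == apex or candidate.endswith("." + apex):
                nodes.add(candidate)
    return nodes


def closest_encloser(name, nodes):
    """Longest existing ancestor of name (the RFC 4592 closest encloser)."""
    labels = name.split(".")
    return next(".".join(labels[i:]) for i in range(1, len(labels))
                if ".".join(labels[i:]) in nodes)


def resolve(qname, qtype, zone=ZONE, apex=APEX, max_hops=8):
    """Return (rcode, alias_chain) for an authoritative lookup in one zone."""
    nodes, chain, name = existing_nodes(zone, apex), [], norm(qname)
    for _ in range(max_hops):
        if name != apex and not name.endswith("." + apex):
            return "NOERROR", chain          # target left the zone (assumption)
        if name in nodes:
            target = zone.get((name, "CNAME"))
            if target is None or qtype == "CNAME":
                return "NOERROR", chain      # name exists: answer or NODATA
        else:
            encloser = closest_encloser(name, nodes)
            dname = zone.get((encloser, "DNAME"))
            if dname is None:
                # A wildcard applies only as "*.<closest encloser>".
                return ("NOERROR" if "*." + encloser in nodes else "NXDOMAIN"), chain
            target = name[: -len(encloser) - 1] + "." + dname  # DNAME substitution
        chain.append((name, norm(target)))
        name = norm(target)                  # rcode is decided by the last name
    return "SERVFAIL", chain
```

For `example.bank.foo.www` the synthesized target is `example.bank.example.fnni.*.www`, whose closest encloser is the existing node `*.www`; the only wildcard that could cover it would be `*.*.www`, which is not in the zone, so the result is NXDOMAIN even though `*.www` has an A record.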