There appear to be some intermittent problems with our hosting company DNS. Is the following DNS response a valid CNAME response?
When proxied through home ISP and router this seems to flip intermittently between an NXDOMAIN response and a NOERROR + CNAME resolution. My hunch is that the correct behaviour when receiving NXDOMAIN and CNAME in a single response is undefined and I'm getting a different response based on the machines my query has gone through.
dig @ns2.hostdns4u.com i.baby-gaga.com
; <<>> DiG 9.5.1-P3 <<>> @ns2.hostdns4u.com i.baby-gaga.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26592
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;i.baby-gaga.com. IN A
;; ANSWER SECTION:
i.baby-gaga.com. 3600 IN CNAME babygaga.cachefly.net.
;; AUTHORITY SECTION:
. 3600 IN SOA whg1.hostdns4u.com. amber.barnberrycupboard.com. 0 10800 3600 604800 3600
;; Query time: 143 msec
;; SERVER: 207.55.240.2#53(207.55.240.2)
;; WHEN: Tue Jul 6 09:00:01 2010
;; MSG SIZE rcvd: 142
There's an ongoing debate in the IETF "DNSEXT" Working Group about the correct response to a query when the target of the CNAME does not exist and in other unusual circumstances.
In this case I believe the response is definitely incorrect.
ns2.hostdns4u.comis authoritative forbabygaga.com. It should be returningNOERRORrather thanNXDOMAINwhen you ask for theArecord.This would indicate that although the specific (
NAME,CLASS,TYPE) tuple doesn't exist, the name itself does.The behaviour of a cache seeing the incorrect
NXDOMAINresponse is not well defined. Whilst some will follow theCNAMErecord regardless, other resolvers may decide that the wholei.baby-gaga.comdomain doesn't exist.