How not to set up your DNS (part 16)
Sort of presented in the traditional illustrated format:
; sdig ns ibc.com.au. ns1.ibc.com.au. ns2.ibc.com.au. ; dig cname ibc.com.au. @ns1.ibc.com.au. [...] ;; flags: qr aa; QUERY: 1, ANSWER: 1, [...] [...] ;; ANSWER SECTION: ibc.com.au. IN SOA ns1.ibc.com.au. \ hostmaster.localdomain. [....]
(The TTL has been omitted and the line wrapped for clarity.)
This is not how you are supposed to say 'I do not have a CNAME record'. What ibc.com.au should be doing is returning a reply with nothing in the 'answer' section and their SOA record in the 'additional authority' section.
The net result of this issue is that a number of resolving nameservers will return SERVFAIL when asked to see if ibc.com.au is a CNAME, which has various interesting downstream consequences.
(Technically the com.au zone says that ibc.com.au has two other nameservers, however a) ibc.com.au disagrees, since the extras are not in the NS records that the first two return and b) the extra two are non-authoritative anyways.)
Comments on this page:Written on 09 July 2007.