[nsd-users] Too many authority records when a CNAME crosses a zone cut?

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Jun 4 15:08:31 UTC 2010 

Test the CNAME bidon.sources.org. It crosses a zone cut. A NSD name
server sends authority records for both domains:

% dig @ns3.bortzmeyer.org A bidon.sources.org        
...
;; AUTHORITY SECTION:
sub.sources.org.        86400   IN      NS      ns3.bortzmeyer.org.
sub.sources.org.        86400   IN      NS      munzer.bortzmeyer.org.
sources.org.            86400   IN      NS      ns3.bortzmeyer.org.
sources.org.            86400   IN      NS      ns4.generic-nic.net.
sources.org.            86400   IN      NS      ns6.gandi.net.
sources.org.            86400   IN      NS      munzer.ipv6.bortzmeyer.org.
sources.org.            86400   IN      NS      munzer.bortzmeyer.org.

When BIND only sends for one domain:

% dig @ns4.generic-nic.net A bidon.sources.org 
...
;; AUTHORITY SECTION:
sub.sources.org.        86400   IN      NS      munzer.bortzmeyer.org.
sub.sources.org.        86400   IN      NS      ns3.bortzmeyer.org.

I do not know which is right but the fact is that the BIND resolver
complains (that's how we noticed it, the setup above was done just to
reproduce the bug):

named[23925]: DNS format error from 192.93.0.4#53 resolving
nspublisher.secure.example/A for client 192.134.4.150#50438:
multiple NS RRsets in authority section

More information about the nsd-users mailing list