I'm playing with māori domain names <http://www.te-reo.maori.dns.net.nz/> and Unbound's behavior surprises me.
There is a DNAME from māori.dns.net.nz (xn--mori-qsa.dns.net.nz) to maori.dns.net.nz: % dig ANY te-reo.xn--mori-qsa.dns.net.nz ... ;; ANSWER SECTION: xn--mori-qsa.dns.net.nz. 86400 IN DNAME maori.dns.net.nz. te-reo.xn--mori-qsa.dns.net.nz. 0 IN CNAME te-reo.maori.dns.net.nz. te-reo.maori.dns.net.nz. 3437 IN A 202.160.48.39 When the name does not exist, a BIND resolver tells me NXDOMAIN: % dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz ... ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57869 But Unbound 1.4.1 tells me NOERROR, which seems wrong: % dig ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz ; <<>> DiG 9.5.1-P3 <<>> ANY tagadatsointsoin.xn--mori-qsa.dns.net.nz ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3907 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;tagadatsointsoin.xn--mori-qsa.dns.net.nz. IN ANY ;; ANSWER SECTION: xn--mori-qsa.dns.net.nz. 86400 IN DNAME maori.dns.net.nz. tagadatsointsoin.xn--mori-qsa.dns.net.nz. 0 IN CNAME tagadatsointsoin.maori.dns.net.nz. ;; AUTHORITY SECTION: maori.dns.net.nz. 3600 IN SOA loopback.dns.net.nz. soa.nzrs.net.nz. 2010051262 3600 1200 604800 3600 ;; Query time: 290 msec ;; SERVER: ::1#53(::1) ;; WHEN: Tue May 25 13:43:40 2010 ;; MSG SIZE rcvd: 179 I confess I have little experience with DNAMEs. Am I wrong to say that Unbound is wrong? _______________________________________________ Unbound-users mailing list Unbound-users@unbound.net http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
