[Dnsmasq-discuss] CNAME vs missing AAAA record
Harald Dunkel
2017-10-24 09:28:45 UTC
Hi folks,

if I run dig to query an AAAA record via dnsmasq, then
sometimes I get the CNAME only. Sample:

bash-4.4# dig @10.100.0.2 developer.apple.com AAAA +short
developer-cdn.apple.com.akadns.net.
world-gen.g.aaplimg.com.

This is misleading, because both don't have an AAAA record.
I didn't ask for the CNAME, anyway. Shouldn't it just shut
up in this case?


Every helpful comment is highly appreciated
Harri
/dev/rob0
2017-10-24 11:27:48 UTC
Post by Harald Dunkel
> if I run dig to query an AAAA record via dnsmasq, then
> developer-cdn.apple.com.akadns.net.
> world-gen.g.aaplimg.com.
> This is misleading, because both don't have an AAAA record.
> I didn't ask for the CNAME, anyway. Shouldn't it just shut
> up in this case?

No. CNAME says "direct every query for this name to this one, the
CNAME target." The example you showed is a CNAME chain, where the
Apple CNAME points to the Akadns CNAME, which in turn points to the
aaplimg.com name (which is not a CNAME.)

Take off +short and the world-gen.g.aaplimg.com./IN/AAAA query is
indeed a NOERROR reply, which in this case means the name exists,
but there's no data of the requested type. (Offer void where taxed
or prohibited, or where mangled by Cloudflare.)

Such abuse of the DNS is commonplace these days. And there are
reasons for it, namely CDN replies tailored for what is hoped to
produce the fastest connection to the requested resources.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
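
The reply above distinguishes a CNAME chain that ends in "name exists, no data of the requested type" from a name that does not exist. As an added example (not written by either poster, and not dnsmasq code), this Python sketch walks the chain in a full (non-+short) answer section and classifies the result; the TTL values, the function names and the sample text are constructed for illustration.

```python
# Constructed sample: the answer section a full dig reply might show for the
# AAAA query in the thread. Names are from the thread; TTLs are made up.
SAMPLE_ANSWER = """\
developer.apple.com.                 300 IN CNAME developer-cdn.apple.com.akadns.net.
developer-cdn.apple.com.akadns.net.  300 IN CNAME world-gen.g.aaplimg.com.
"""


def parse_answer(text):
    """Parse 'name ttl class type rdata' lines into (name, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((name.lower(), rtype.upper(), rdata))
    return records


def classify(rcode, qname, qtype, records, max_hops=16):
    """Follow the CNAME chain from qname and say what the reply means.

    Returns (status, final_name, chain, data). status is ANSWER, NODATA
    (NOERROR but no record of qtype at the end of the chain), CNAME_LOOP,
    or the rcode itself when it is not NOERROR (for example NXDOMAIN).
    """
    qtype = qtype.upper()
    cnames = {n: d.lower() for n, t, d in records if t == "CNAME"}
    name, chain, seen = qname.lower(), [], set()
    # A query for CNAME itself is answered by the first link, not chased.
    while qtype != "CNAME" and name in cnames:
        if name in seen or len(chain) >= max_hops:
            return ("CNAME_LOOP", name, chain, [])
        seen.add(name)
        name = cnames[name]
        chain.append(name)
    data = [d for n, t, d in records if n == name and t == qtype]
    if data:
        return ("ANSWER", name, chain, data)
    if rcode != "NOERROR":
        return (rcode, name, chain, [])
    return ("NODATA", name, chain, [])


if __name__ == "__main__":
    print(classify("NOERROR", "developer.apple.com.", "AAAA",
                   parse_answer(SAMPLE_ANSWER)))
```

With +short, dig prints only the rdata of the CNAME records, which is why the original output shows two names and no address.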