>>>> The upstream DNS server 211.161.192.1 did responsed correctly, by >>>> analysis via tcpdump. But why bind didn't use THE RESPONSE, but >>>> resolves again from root-servers. >>> >>> Unfortunately, the information provided by 211.161.192.1 must be >>> discarded because that is server is not authoritative for cachecn.com. >>> From your resolver's perspective, it is a totally unrelated domain >>> name. >>> >> Thanks! So bind can accept second hand answer, but won't accept third >> hand (or more) answer? > > It shouldn't accept the second CNAME, either. Are you sure that it > does? It's probably the same globally, so it's not visible from the > cache contents. > Yes, from the capture it just didn't accept the last CNAME.
My capture command: tcpdump -s 0 -nnnvvv -w 360.cn-`date +%Y%m%d`.pcap udp port 53 17:59:36 ~ $ dig +nocmd speedtest.360.cn @211.161.192.1 +multiline +noall +answer speedtest.360.cn. 215 IN CNAME speedtest.360.cn.cloudcdn.net. speedtest.360.cn.cloudcdn.net. 325 IN CNAME cloud010005.cachecn.com. cloud010005.cachecn.com. 368 IN A 61.155.141.28 but bind just resolved cloud010005.cachecn.com again. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
