In message <4fda9b90.8040...@riseup.net>, pangj writes: > > > In message<4fda970e.9080...@riseup.net>, pangj writes: > >> Hi, > >> > >> If BIND is authoritative for zone a, and is not authoritative for zone > >> b, but zone b is configured in BIND's zone file, and x.zonea.com is > >> CNAME'd to y.zoneb.com. > >> > >> When DNS client queries to this BIND for x.zonea.com, it gets the > >> authoritative answers for both x.zonea.com and y.zoneb.com, certainly > >> y.zoneb.com is a fake one. > >> > >> How DNS client handle this case? > >> Thanks. > > > > It depends on the client and whether the zones are signed or not > > and whether the client is validating responses or not. > > > > Stub clients will almost always trust the complete answer. > > For iterative clients it depends on their level of paranoia. > > > > Thanks Mark. > For a DNS caching only server, for example, BIND, it will validate the > response always, is it?
named is paranoid. It discards the rest of the response after processing the CNAME. > -- > Email/Jabber/Gtalk: pa...@riseup.net > Free DNS Hosting with www.DNSbed.com > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
