Hi I know this is miss-configuration. but sharing.
I find the the strange response to the DS request. That response answer type is CNAME. This can happen if Child and Parent zone in same nameserver and Parent zone does not have NS recode for Child zone and Parent zone have CNAME recode with the same name as Child zone. DS recode is authoritative data in the Parent zone. but I think strange that response. example: dig @localhost www.example.jp SOA +norec ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.example.jp. IN SOA ;; ANSWER SECTION: www.example.jp. 3600 IN SOA www.example.jp. dns-managers.example.jp. 1 3600 1800 3600 900 dig @localhost www.example.jp ds +norec ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @localhost www.example.jp ds +norec ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29723 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.example.jp. IN DS ;; ANSWER SECTION: www.example.jp. 300 IN CNAME www.example.com. -- Manabu Sonoda <manab...@iij.ad.jp> Internet Initiative Japan Inc. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
