Hello, Gandi authoritative DNS servers are returning multiple CNAME records for a single entry. dig @ns-29-b.gandi.net +norecurse +dnssec CNAME lb.qual.flash-global.net
; <<>> DiG 9.18.2-1+ubuntu20.04.1+isc+3-Ubuntu <<>> @ns-29-b.gandi.net +norecurse +dnssec CNAME lb.qual.flash-global.net ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16293 ;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1232 ;; QUESTION SECTION: ;lb.qual.flash-global.net. IN CNAME ;; ANSWER SECTION: lb.qual.flash-global.net. 10800 IN CNAME lb1.qual.flash-global.net. lb.qual.flash-global.net. 10800 IN CNAME lb2.qual.flash-global.net. lb.qual.flash-global.net. 10800 IN RRSIG CNAME 13 4 10800 20220526000000 20220505000000 57605 flash-global.net. lLinFZUgXq8k823g0Ec/Q4vMysROQZWkimbTS7WDVE27TkzX6H2tyTFg PzSF29et8UWW/AQ3tCqLeQRzUJEX1g== ;; Query time: 10 msec ;; SERVER: 213.167.230.30#53(ns-29-b.gandi.net) (UDP) ;; WHEN: Fri May 13 16:58:09 CEST 2022 ;; MSG SIZE rcvd: 201 And this is not a corruption, their zone admin interface lets you declare as much as you want CNAME records for a signe entry. Checked no later than this morning. Is there any dns-operation consensus about this behavior ? Is there someone from Gandi on dns-operation who could explain if this is an intended behavior on their side and for what purpose or a bug to fix ? Most of their clients/users think that because their interface allows it, it is legit and serves the same purpose as multiple A records (round robin). Hopefully, on a A request only the first CNAME and always the same is returned as part of the answer. But things relying on CNAME requests break in many and sometimes subtle ways. Thank you. Emmanuel. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
