Why does A record give SERVFAIL when CNAME record does not fail

vinz

7/21/23, 10:33 AM

If I run

dig @ns5.laposte.net conversation.ees.labanquepostale.fr A

I get a SERVFAIL, but if I run

dig @ns5.laposte.net conversation.ees.labanquepostale.fr CNAME

I got my CNAME:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48072
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;conversation.ees.labanquepostale.fr. IN    CNAME

;; ANSWER SECTION:
conversation.ees.labanquepostale.fr. 300 IN CNAME prod-lbpee.web-application-front-customer.as8677.net.

I was wondering how valid this behavior could be (at least to know if we can expect that to happen more often), and from the RFC 1034 I can see:

If a CNAME RR is present at a node, no other data should be present
When a name server fails to find a desired RR in the resource set associated with the domain name, it checks to see if the resource set consists of a CNAME record with a matching class. If so, the name server includes the CNAME record in the response

So I believe this is not standard behavior. I also do not see any advice in "Common DNS Operational and Configuration Errors". Does anyone have recommendations or experience with that kind of issue? I guess here is just to look for a CNAME if a name server replies with a REFUSED or SERVFAIL?

0 + 0

domain-name-system

cname-record

Patrick Mevzek

7/21/23, 2:53 PM

"So I believe this is not standard behavior." It is kind of covered by https://datatracker.ietf.org/doc/html/rfc1034#section-4.3.1 see the part starting with "If recursive service is not requested or is not available, the non- recursive response will be one of the following:"

Score:3

Server

Bob

7/21/23, 10:43 AM

By default dig sets the RD (recursion desired) bit in queries, which means dig normally sends recursive queries.

With that disabled you will get the respond that you expect:

dig +norecurse @ns5.laposte.net conversation.ees.labanquepostale.fr

0 + 0

Score:2

Server

flinkflonk

7/21/23, 2:49 PM

The reason for you not getting recursive answers (which you want in a case like this, where a CNAME points at a CNAME that points at an A) is printed in your answer: ;; WARNING: recursion requested but not available

That means, the nameserver you are asking (ns5.laposte.net) is an authoritative nameserver, not a recursive one (also know as a resolver). It will only look into its database and see if there is a record of the type you are looking for, In your case, it looks for an A record for conversation.ees.labanquepostale.fr, which doesn't exist. When explicitly setting the record type to CNAME you get the answer you expect, but nothing more (ie. the CNAME isn't followed). If you check on a recursive nameserver, dig will get recursive results until the A record is found:


; <<>> DiG 9.18.0 <<>> conversation.ees.labanquepostale.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24724
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;conversation.ees.labanquepostale.fr. IN        A

;; ANSWER SECTION:
conversation.ees.labanquepostale.fr. 299 IN CNAME prod-lbpee.web-application-front-customer.as8677.net.
prod-lbpee.web-application-front-customer.as8677.net. 299 IN CNAME prd-lbpee.web-application-front-customer-as.lbp-mail.as8677.net.
prd-lbpee.web-application-front-customer-as.lbp-mail.as8677.net. 2670 IN A 160.92.71.152

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why does A record give SERVFAIL when CNAME record does not fail

TH: เหตุใดระเบียน A จึงให้ SERVFAIL เมื่อระเบียน CNAME ไม่ล้มเหลว

RO: De ce o înregistrare dă SERVFAIL când înregistrarea CNAME nu eșuează

RU: Почему запись A дает SERVFAIL, когда запись CNAME не завершается ошибкой

VI: Tại sao bản ghi A cung cấp SERVFAIL khi bản ghi CNAME không bị lỗi

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.