Hi again,

Short description

When the target of a CNAME that belongs to the same zone does not exist, it is returned with the NXDOMAIN return code. NSD handles this very well except when there is a * label in the Rdata. It returns with NOERROR, whereas Bind, Knot, and PowerDNS return with NXDOMAIN (Sorry for nitpicking a minor corner case).

Steps to reproduce

Consider the following sample zone file:

For the query <foo.campus.edu., A> the answer from the NSD server is:

          "rcode NOERROR",
          "flags QR AA",
          ";QUESTION",
          "foo.campus.edu. IN A",
          ";ANSWER",
          "foo.campus.edu. 500 IN CNAME www.*.campus.edu.",
          ";AUTHORITY",
          ";ADDITIONAL"

Expected/Actual behavior

The answer section would be the same for the above query, but the RCODE should be NXDOMAIN.

Thank you for your quick replies.