On Sat, Aug 07, 2021 at 11:13:36AM +0530, Shreyas Zare wrote: > However, querying for "cn-ecg.cfe.uber.com" to the same server responds > with an answer: > > Query Link: > https://dnsclient.net/#edns126.ultradns.com/cn-ecg.cfe.uber.com/A/UDP
See: https://dnsviz.net/d/cn-ecg.cfe.uber.com/dnssec/ There's a zone cut at cfe.uber.com with the same nameservers on both sides of the cut. Asking for child-side records (including NS) returns the records from the child-side of the cut, but asking for parent side records returns NXDOMAIN, since there is likely no data at all for "cfe" in the parent zone: $ dig +norecur +noall +nocl +nottl +comment +ans +auth +nosplit @edns126.ultradns.com. -t ds cfe.uber.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54012 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; AUTHORITY SECTION: uber.com. SOA edns126.ultradns.com. serviceproviders.uber.com. 2019057840 3600 180 604800 900 Likely the CNAME recursion uses parent-zone data to conclude that the target name does not exist: $ dig +norecur +noall +nocl +nottl +comment +ans +auth +nosplit @edns126.ultradns.com. -t a frontends-cloud.uber.com. ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37512 ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; ANSWER SECTION: frontends-cloud.uber.com. CNAME cn-ecg.cfe.uber.com. ;; AUTHORITY SECTION: uber.com. SOA edns126.ultradns.com. serviceproviders.uber.com. 2019057840 3600 180 604800 900 The parent zone needs to be updated to add delegation NS records for "cfe.uber.com". -- Viktor. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
