'*' in Rdata causes the return code to be NOERROR instead of NX

[SivaKesava1]

Hi again,

Short description

When the target of a CNAME that belongs to the same zone does not exist, it is returned with the NXDOMAIN return code. NSD handles this very well except when there is a * label in the Rdata. It returns with NOERROR, whereas Bind, Knot, and PowerDNS return with NXDOMAIN (Sorry for nitpicking a minor corner case).

Steps to reproduce

Consider the following sample zone file:

campus.edu.	500 SOA	ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu.	500 NS	ns1.outside.edu.
foo.campus.edu.	500 CNAME	www.*.campus.edu.

For the query <foo.campus.edu., A> the answer from the NSD server is:

          "rcode NOERROR",
          "flags QR AA",
          ";QUESTION",
          "foo.campus.edu. IN A",
          ";ANSWER",
          "foo.campus.edu. 500 IN CNAME www.*.campus.edu.",
          ";AUTHORITY",
          ";ADDITIONAL"

Expected/Actual behavior

The answer section would be the same for the above query, but the RCODE should be NXDOMAIN.

Thank you for your quick replies.

[wcawijngaards]

Fixed it. It has to do with the internal data structure for storing domains in the memory of NSD, there a domain struct is created for the right hand of the CNAME, and it is set to be non-existing. The is_existing was not checked for the wildcard expansion, and this is fixed by the commit. So this fix is only for CNAMEs to a wildcard right hand, where that wildcard right hand does not exist in the zone. Thanks for the report!