[PR #3179] [MERGED] Fix CNAME chasing #3617

New issue

Closed

opened 2026-03-16 11:53:25 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:53:25 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/3179
Author: @divergentdave
Created: 8/6/2025
Status: ✅ Merged
Merged: 8/8/2025
Merged by: @divergentdave

Base: main ← Head: david/fix-cname-chasing

📝 Commits (4)

fe5971d Add tests for CNAME chasing across zones
54ec917 Don't restart query for CNAME when data present
3c7c32f Include RRSIGs when chasing CNAMEs
6a57349 Only set AD when AD or DO is set in query

📊 Changes

4 files changed (+343 additions, -19 deletions)

View changed files

📝 conformance/packages/conformance-tests/src/resolver/dns/scenarios/cname.rs (+123 -5)
📝 conformance/packages/conformance-tests/src/resolver/dnssec/scenarios/cname.rs (+192 -7)
📝 crates/recursor/src/recursor_dns_handle.rs (+20 -3)
📝 crates/server/src/authority/catalog.rs (+8 -4)

📄 Description

This makes two fixes to CNAME processing, and fixes an unrelated issue surfaced by the same tests. First, if data for a canonical name is present, we no longer restart the search. This solves the duplicate record issue. Second, RRSIG records are now copied into the final response. I also noticed that we were setting the AD header flag in responses in cases where other servers were not. I fixed this by first checking if either the AD or DO flag was set in the initiating query. See the PowerDNS manual for an example of this logic. Additional tests are added to test chasing CNAMEs across zones, which I don't think we had coverage for before. This closes #3153.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/3179 **Author:** [@divergentdave](https://github.com/divergentdave) **Created:** 8/6/2025 **Status:** ✅ Merged **Merged:** 8/8/2025 **Merged by:** [@divergentdave](https://github.com/divergentdave) **Base:** `main` ← **Head:** `david/fix-cname-chasing` --- ### 📝 Commits (4) - [`fe5971d`](https://github.com/hickory-dns/hickory-dns/commit/fe5971d30fd2df9344f0fcb092aa1500fdf0d88d) Add tests for CNAME chasing across zones - [`54ec917`](https://github.com/hickory-dns/hickory-dns/commit/54ec9179f08eba23cbf3d3d7e428aa06b995b748) Don't restart query for CNAME when data present - [`3c7c32f`](https://github.com/hickory-dns/hickory-dns/commit/3c7c32f6f6eae4f75f5baad97af538c619d47b50) Include RRSIGs when chasing CNAMEs - [`6a57349`](https://github.com/hickory-dns/hickory-dns/commit/6a57349b6e12569beabbbcba553161bb3c8e50d9) Only set AD when AD or DO is set in query ### 📊 Changes **4 files changed** (+343 additions, -19 deletions) <details> <summary>View changed files</summary> 📝 `conformance/packages/conformance-tests/src/resolver/dns/scenarios/cname.rs` (+123 -5) 📝 `conformance/packages/conformance-tests/src/resolver/dnssec/scenarios/cname.rs` (+192 -7) 📝 `crates/recursor/src/recursor_dns_handle.rs` (+20 -3) 📝 `crates/server/src/authority/catalog.rs` (+8 -4) </details> ### 📄 Description This makes two fixes to CNAME processing, and fixes an unrelated issue surfaced by the same tests. First, if data for a canonical name is present, we no longer restart the search. This solves the duplicate record issue. Second, RRSIG records are now copied into the final response. I also noticed that we were setting the AD header flag in responses in cases where other servers were not. I fixed this by first checking if either the AD or DO flag was set in the initiating query. See the [PowerDNS manual](https://doc.powerdns.com/recursor/dnssec.html#process) for an example of this logic. Additional tests are added to test chasing CNAMEs across zones, which I don't think we had coverage for before. This closes #3153. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>