Records below delegation are not ignored (kzonecheck also does not raise any issue)
Hi,
When a zone file has resource records below a child NS record (delegation), they must be either ignored or signaled as an error.
For example, consider the following zone file:
| campus.edu. | 500 SOA | ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300 |
| campus.edu. | 500 NS | ns1.outside.edu. |
| bar.campus.edu. | 500 NS | ns2.outside.edu. |
| foo.bar.campus.edu. | 500 CNAME | test.com. |
For the query <foo.bar.campus.edu, NS>, the response returned by Knot was:
"opcode QUERY",
"rcode NOERROR",
"flags QR AA",
";QUESTION",
"foo.bar.campus.edu. IN NS",
";ANSWER",
"foo.bar.campus.edu. 500 IN CNAME test.com.",
";AUTHORITY",
";ADDITIONAL"The response should have been actually the <bar.campus.edu., NS> record (delegation). BIND and PowerDNS respond with the delegation record and ignore the record below the NS record.
To be sure, I have checked the zone file using kzonecheck -o campus.edu file.txt, and there are no errors or warnings raised.
The interesting part is that the behavior is fine (returns the NS record) if the record was something like A record instead of the CNAME record.