pdnsutil DNAME checks have issues #9734

Closed
SivaKesava1 opened this issue Nov 15, 2020 · 2 comments

@SivaKesava1

  • Program: Authoritative
  • Issue Type: Bug report

Short description

The server returns records even if they are occluded by a DNAME. pdnsutil check-all-zones returns a warning except when the DNAME is at the root of the zone.

Environment

  • Operating system: Ubuntu 18
  • Software version: Authoritative Server 4.1.1
  • Software source: Ubuntu repository

Steps to reproduce

Consider the following zone file:

campus.edu. 500 SOA ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu. 500 NS ns1.outside.edu.
d.campus.edu. 500 DNAME f.campus.edu.
c.d.campus.edu. 500 A 1.1.1.1

For the query <c.d.campus.edu., A> the PDNS server returns the IP record and doesn't use the DNAME record. Other implementations either refuse to load the zone file or ignore the records below the DNAME, as suggested by RFC 6672, section 2.4.
When checked with pdnsutil, it tells the user about the occlusion:

[Warning] 'c.d.campus.edu|A' in zone 'campus.edu' is occluded by a DNAME at 'd.campus.edu.'
Checked 4 records of 'campus.edu,' 0 errors, 1 warnings.

We generally expect the user to first check with pdnsutil and fix issues before loading zone files, but it might also be helpful to either turn it into an error or ignore those occluded records.


The other interesting case is the following zone file:

campus.edu. 500 SOA ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu. 500 NS ns1.outside.edu.
campus.edu. 500 DNAME campus.com.
foo.campus.edu. 500 A 1.1.1.1

When the DNAME record is at the zone apex, then pdnsutil does not warn and loads the zone file. It returns the IP record when queried for foo.campus.edu., preferring it over the DNAME record.

Expected/Actual behavior

I expected the DNAME record to be preferred.
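
Added example (not part of the original issue and not PowerDNS code): a minimal Python check for the occlusion rule in RFC 6672, section 2.4, run against both zone files from the report, including the DNAME-at-apex case. The function names and the simplified one-record-per-line parser are assumptions made for illustration.

```python
# Added example: flag records that sit below a DNAME owner (RFC 6672, section 2.4).
# Assumption: one record per line, "owner TTL TYPE rdata", fully qualified owners.

# Both zones are copied from the issue report above.
ZONE_MID = """\
campus.edu. 500 SOA ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu. 500 NS ns1.outside.edu.
d.campus.edu. 500 DNAME f.campus.edu.
c.d.campus.edu. 500 A 1.1.1.1
"""
ZONE_APEX = """\
campus.edu. 500 SOA ns1.campus.edu. root.campus.edu. 3 86400 7200 604800 300
campus.edu. 500 NS ns1.outside.edu.
campus.edu. 500 DNAME campus.com.
foo.campus.edu. 500 A 1.1.1.1
"""

def parse_zone(text):
    """Return (owner_labels, rtype, owner_text) for each record line."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith(";"):
            continue  # skip blanks, comments and anything not in the assumed form
        labels = tuple(fields[0].lower().rstrip(".").split("."))
        records.append((labels, fields[2].upper(), fields[0]))
    return records

def is_strict_subdomain(name, ancestor):
    """True if name lies below ancestor; compared label by label, never equal."""
    return len(name) > len(ancestor) and name[len(name) - len(ancestor):] == ancestor

def occluded_by_dname(text):
    """Return (record_owner, rtype, dname_owner) for every record below a DNAME."""
    records = parse_zone(text)
    dnames = [(labels, owner) for labels, rtype, owner in records if rtype == "DNAME"]
    findings = []
    for labels, rtype, owner in records:
        for dname_labels, dname_owner in dnames:
            # Records at the DNAME owner itself (SOA/NS at the apex) are not
            # occluded; only names strictly below it are.
            if is_strict_subdomain(labels, dname_labels):
                findings.append((owner, rtype, dname_owner))
    return findings

if __name__ == "__main__":
    for name, zone in (("mid-zone DNAME", ZONE_MID), ("apex DNAME", ZONE_APEX)):
        for owner, rtype, dname in occluded_by_dname(zone):
            print(f"{name}: '{owner}|{rtype}' is occluded by a DNAME at '{dname}'")
```

Because the comparison is on whole labels, a name such as c.xd.campus.edu. is not treated as being below d.campus.edu.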

@Habbie
Member

Habbie commented Nov 16, 2020

Duplicate of #1361 except for the DNAME-at-apex pdnsutil bug.

Habbie changed the title from "Auth server returns records occluded by a DNAME" to "pdnsutil DNAME checks have issues" on Nov 16, 2020
@Habbie
Member

Habbie commented Nov 16, 2020

#9735 fixes two bugs in pdnsutil check-zone. The rest of your ticket is covered by #1361 so I'm closing this one. Thanks!

@Habbie Habbie closed this as completed Nov 16, 2020