"dig +trace" doesn't follow referrals with non-empty answer sections
Summary
"dig +trace" does not appear to be following referrals with a non-empty answer section, e.g. with CNAMEs pointing below the zone cut.
BIND version used
dig from BIND versions 9.11.x, 9.14.x, and 9.16.x
Steps to reproduce
$ dig +trace +nodnssec dfw.salesforce.com. A
(The "+nodnssec" is not needed - I just use that to reduce the clutter in the output).
What is the current bug behavior?
$ dig +trace +nodnssec dfw.salesforce.com. A
[...]
salesforce.com. 172800 IN NS udns1.salesforce.com.
salesforce.com. 172800 IN NS udns2.salesforce.com.
salesforce.com. 172800 IN NS udns3.salesforce.com.
salesforce.com. 172800 IN NS udns4.salesforce.com.
salesforce.com. 172800 IN NS pch1.salesforce-dns.com.
salesforce.com. 172800 IN NS pch2.salesforce-dns.com.
;; Received 433 bytes from 192.54.112.30#53(h.gtld-servers.net) in 111 ms
dfw.salesforce.com. 300 IN CNAME monitor-dfw.salesforce.com.
monitor-dfw.salesforce.com. 300 IN CNAME monitor-dfw.dfw.r.salesforce.com.
dfw.r.salesforce.com. 86400 IN NS ns1-dfw.salesforce.com.
;; Received 132 bytes from 2620:171:809::1#53(pch1.salesforce-dns.com) in 1 ms(dig terminates here without following the last referral response to the zone dfw.r.salesforce.com)
What is the expected correct behavior?
dig should follow the referral and query the zone dfw.r.salesforce.com for the name at the end of the CNAME chain in the referral response.
(Alternatively, it could try to resolve the CNAMEs in the parent zone until it ends up with a referral with an empty answer section, I suppose).
Relevant configuration files
N/A.
Relevant logs and/or screenshots
See output above.
Possible fixes
(If you can, link to the line of code that might be responsible for the problem.)