too long CNAME chains do not elicit SERVFAIL or even log message

Summary

CNAME chain length is currently limited to ~ 16 steps. Chains longer than this limit are cut short, but the RDCODE is still NOERROR. This creates impression that the final hop might be NODATA answer.

Also I can't see any log message in logs that resolution was terminated prematurely.

BIND version used

Affects v9.19: a819d364
Affects v9.18: 6817bf12
Affects v9.16: 161d69ab
Affects v9.11 (EoL) : v9.11.37-S1
Other versions were not tested

Steps to reproduce

Setup an auth zone with too long CNAME chain:

Query for it in default resolver config.

What is the current bug behavior?

RCODE=NOERROR despite the incomplete CNAME chain.

$ dig c0000.local.testiscorg.ch. A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20544
;; flags: qr rd ra; QUERY: 1, ANSWER: 17, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 102100bdc30994f717d0d76d655f5b7d3a1f039d04cd3a86 (good)
;; QUESTION SECTION:
;c0000.local.testiscorg.ch.	IN	A

;; ANSWER SECTION:
c0000.local.testiscorg.ch. 0	IN	CNAME	c0001.local.testiscorg.ch.
c0001.local.testiscorg.ch. 0	IN	CNAME	c0002.local.testiscorg.ch.
c0002.local.testiscorg.ch. 0	IN	CNAME	c0003.local.testiscorg.ch.
c0003.local.testiscorg.ch. 0	IN	CNAME	c0004.local.testiscorg.ch.
c0004.local.testiscorg.ch. 0	IN	CNAME	c0005.local.testiscorg.ch.
c0005.local.testiscorg.ch. 0	IN	CNAME	c0006.local.testiscorg.ch.
c0006.local.testiscorg.ch. 0	IN	CNAME	c0007.local.testiscorg.ch.
c0007.local.testiscorg.ch. 0	IN	CNAME	c0008.local.testiscorg.ch.
c0008.local.testiscorg.ch. 0	IN	CNAME	c0009.local.testiscorg.ch.
c0009.local.testiscorg.ch. 0	IN	CNAME	c0010.local.testiscorg.ch.
c0010.local.testiscorg.ch. 0	IN	CNAME	c0011.local.testiscorg.ch.
c0011.local.testiscorg.ch. 0	IN	CNAME	c0012.local.testiscorg.ch.
c0012.local.testiscorg.ch. 0	IN	CNAME	c0013.local.testiscorg.ch.
c0013.local.testiscorg.ch. 0	IN	CNAME	c0014.local.testiscorg.ch.
c0014.local.testiscorg.ch. 0	IN	CNAME	c0015.local.testiscorg.ch.
c0015.local.testiscorg.ch. 0	IN	CNAME	c0016.local.testiscorg.ch.
c0016.local.testiscorg.ch. 0	IN	CNAME	c0017.local.testiscorg.ch.

What is the expected correct behavior?

Same output but SERVFAIL.

Relevant logs and/or screenshots

There is no log message indicating that the chain was cut prematurely. Here's named log running at -d 99 from the main branch: named.log

Other implementations

PowerDNS Recursor 4.9.1 SERVFAILs and cuts the chain on c0011
Knot Resolver 5.7.0 SERVFAILs and cuts the chain on c0013
Unbound 1.19.0 commit 197bf154 SERVFAILs and does not return anything in the ANSWER section. PCAP suggests it stops chasing after encountering c0011.

Edited Nov 23, 2023 by Petr Špaček

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information