
There appear to be some intermittent problems with our hosting company's DNS. Is the following DNS response a valid CNAME response?

When proxied through my home ISP and router, this seems to flip intermittently between an NXDOMAIN response and a NOERROR + CNAME resolution. My hunch is that the correct behaviour when receiving NXDOMAIN and CNAME in a single response is undefined, and I'm getting a different response based on the machines my query has gone through.

dig @ns2.hostdns4u.com i.baby-gaga.com

; <<>> DiG 9.5.1-P3 <<>> @ns2.hostdns4u.com i.baby-gaga.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26592
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;i.baby-gaga.com.       IN  A

;; ANSWER SECTION:
i.baby-gaga.com.    3600    IN  CNAME   babygaga.cachefly.net.

;; AUTHORITY SECTION:
.           3600    IN  SOA whg1.hostdns4u.com. amber.barnberrycupboard.com. 0 10800 3600 604800 3600

;; Query time: 143 msec
;; SERVER: 207.55.240.2#53(207.55.240.2)
;; WHEN: Tue Jul  6 09:00:01 2010
;; MSG SIZE  rcvd: 142
asparagino

1 Answer

There's an ongoing debate in the IETF "DNSEXT" Working Group about the correct response to a query when the target of the CNAME does not exist and in other unusual circumstances.

In this case I believe the response is definitely incorrect.

ns2.hostdns4u.com is authoritative for babygaga.com. It should be returning NOERROR rather than NXDOMAIN when you ask for the A record.

This would indicate that although the specific (NAME,CLASS,TYPE) tuple doesn't exist, the name itself does.

The behaviour of a cache seeing the incorrect NXDOMAIN response is not well defined. Whilst some will follow the CNAME record regardless, other resolvers may decide that the whole i.baby-gaga.com domain doesn't exist.

Alnitak
  • Thanks for your response - it's great to have an independent verification of my reading and I don't dip into DNS in detail very often. – asparagino Jul 08 '10 at 11:26
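
As an added example (not part of the original question or answer): a Python check that parses a DNS response in wire format and flags the combination discussed above, RCODE NXDOMAIN together with a CNAME answer for the queried name. The sample message is constructed to mirror the dig header and answer section in the question (the SOA record is omitted); `check_response` and `build_sample` are hypothetical names.

```python
import struct

NXDOMAIN, CNAME = 3, 5  # RCODE 3 (name error) and RR type 5

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end  # resume after first pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                               # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def check_response(msg):
    """List CNAME answers for the queried name that arrive with RCODE NXDOMAIN."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    off, qname, findings = 12, "", []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                   # skip QTYPE and QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rcode == NXDOMAIN and rtype == CNAME and owner.lower() == qname.lower():
            target, _ = read_name(msg, off)
            findings.append(f"NXDOMAIN (aa={aa}) but {owner} CNAME {target}")
        off += rdlen
    return findings

def build_sample(rcode):
    """Constructed response: id, flags qr/aa/rd and CNAME as in the dig output."""
    q, rdata = encode_name("i.baby-gaga.com."), encode_name("babygaga.cachefly.net.")
    return (struct.pack("!6H", 26592, 0x8500 | rcode, 1, 1, 0, 0) + q
            + struct.pack("!HH", 1, 1) + b"\xc0\x0c"
            + struct.pack("!HHIH", CNAME, 1, 3600, len(rdata)) + rdata)
```

Running `check_response` on responses captured from each resolver along the path shows which hops pass the NXDOMAIN-plus-CNAME message through unchanged.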