Address03 does not follow out-of-zone aliases (CNAME) #1431

Open
marc-vanderwal opened this issue Feb 24, 2025 · 0 comments · May be fixed by #1432

This issue is related to zonemaster/zonemaster#1353.

When a reverse lookup for an IP address is attempted and the initial PTR query leads to a CNAME whose target is in another zone, Address03 incorrectly reports that the affected name server’s IP has no reverse DNS.

This can be seen in the wild when attempting to test le-fay.org (see below). The second line (with the WARNING) is incorrect, and should have been similar to the first one:

```
$ zonemaster-cli --test address03 le-fay.org

Seconds Level    Message
======= ======== =======
   2.82 NOTICE   Nameserver ns-auth-1.svc.inet.le-fay.org has an IP address (2001:8b0:aab5:4::9) with mismatched PTR result (fuchsia.eden.le-fay.org.).
   3.28 WARNING  Nameserver ns-auth-1.svc.inet.le-fay.org has an IP address (81.187.47.195) without PTR configured.
   3.53 NOTICE   Nameserver ns-auth-2.svc.inet.le-fay.org has an IP address (2001:ba8:4015:100::2) with mismatched PTR result (amaranth.eden.le-fay.org.).
   3.80 NOTICE   Nameserver ns-auth-3.svc.inet.le-fay.org has an IP address (176.126.243.79) with mismatched PTR result (yarrow.eden.le-fay.org.).
   4.00 NOTICE   Nameserver ns-auth-3.svc.inet.le-fay.org has an IP address (2a00:1098:6b:100::2) with mismatched PTR result (yarrow.eden.le-fay.org.).
```

That is because there is a classless in-addr.arpa delegation going on:

```
$ dig +nocmd +nostats +nord @auth.primary-dns.co.uk. PTR 195.47.187.81.in-addr.arpa.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40019
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65000
;; QUESTION SECTION:
;195.47.187.81.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
195.47.187.81.in-addr.arpa. 3600 IN     CNAME   195.192-207.47.187.81.in-addr.arpa.

;; AUTHORITY SECTION:
192-207.47.187.81.in-addr.arpa. 3600 IN NS      ns-auth-1.svc.inet.le-fay.org.
192-207.47.187.81.in-addr.arpa. 3600 IN NS      ns-auth-2.svc.inet.le-fay.org.
192-207.47.187.81.in-addr.arpa. 3600 IN NS      ns-auth-3.svc.inet.le-fay.org.
```

The CNAME target points to another zone, which is outside the authority of auth.primary-dns.co.uk. Following up, we get this:

```
$ dig +nocmd +nostats +nord @ns-auth-1.svc.inet.le-fay.org PTR 195.192-207.47.187.81.in-addr.arpa.
;; BADCOOKIE, retrying.
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24205
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 59947e3d059cf23c0100000067bc72ac0e77dcf2ec4a43b2 (good)
;; QUESTION SECTION:
;195.192-207.47.187.81.in-addr.arpa. IN PTR

;; ANSWER SECTION:
195.192-207.47.187.81.in-addr.arpa. 3600 IN PTR fuchsia.eden.le-fay.org.
```

@marc-vanderwal marc-vanderwal added T-Bug Type: Bug in software or error in test case description V-Patch Versioning: The change gives an update of patch in version. labels Feb 24, 2025
@marc-vanderwal marc-vanderwal added this to the v2025.1 milestone Feb 24, 2025
@marc-vanderwal marc-vanderwal self-assigned this Feb 24, 2025
@marc-vanderwal marc-vanderwal linked a pull request Feb 24, 2025 that will close this issue
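
The lookup described in this issue, modelled offline as an added example (not part of the original report and not Zonemaster's code): a PTR query whose answer is a CNAME into another zone must be re-asked at the zone authoritative for the target. The records are constructed from the dig output above; the parent apex `47.187.81.in-addr.arpa.`, the `ZONES` table, `MAX_CNAME_HOPS` and all function names are assumptions.

```python
import ipaddress

# Constructed from the dig output above: (owner name, rrtype) -> rdata list.
PARENT = {  # view served by auth.primary-dns.co.uk.
    ("195.47.187.81.in-addr.arpa.", "CNAME"): ["195.192-207.47.187.81.in-addr.arpa."],
}
CHILD = {  # view served by ns-auth-1.svc.inet.le-fay.org
    ("195.192-207.47.187.81.in-addr.arpa.", "PTR"): ["fuchsia.eden.le-fay.org."],
}
# Assumption: zone apex -> zone data; the parent apex is not shown on the page.
ZONES = {"47.187.81.in-addr.arpa.": PARENT, "192-207.47.187.81.in-addr.arpa.": CHILD}
MAX_CNAME_HOPS = 8  # assumption: arbitrary cap on alias chain length


def query(name, rrtype):
    """One query to the most specific zone for `name`.

    Returns (type_found, rdata): the requested type, a CNAME, or (None, []).
    """
    apexes = [a for a in ZONES if name == a or name.endswith("." + a)]
    if not apexes:
        return None, []
    zone = ZONES[max(apexes, key=len)]  # longest apex = most specific zone
    for found in (rrtype, "CNAME"):
        if (name, found) in zone:
            return found, zone[(name, found)]
    return None, []


def ptr_without_following(ip):
    """Models the reported symptom: a CNAME answer counts as 'no PTR'."""
    found, rdata = query(ipaddress.ip_address(ip).reverse_pointer + ".", "PTR")
    return rdata if found == "PTR" else []


def ptr_following_cnames(ip):
    """Follow CNAMEs, including out-of-zone targets, until PTR or no data."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    seen = set()
    for _ in range(MAX_CNAME_HOPS + 1):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        found, rdata = query(name, "PTR")
        if found != "CNAME":
            return rdata  # PTR targets, or [] when nothing exists
        name = rdata[0].lower()  # re-ask at the zone holding the alias target
    raise ValueError("CNAME chain longer than MAX_CNAME_HOPS")
```
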