Why wouldn't dns_get_record show CNAMEs when I KNOW they exist?

Question

I'm playing with DNS record lookup in PHP and am running into something confusing. I've looked up 2 different domains each using different hosts and different authoritative name servers. Both of these domains I know for certain have CNAMES.

I've looked up DNS records using this online tool: http://network-tools.com/ I've also looked them up using PHP's dns_get_record. A, NS, SOA, MX, etc. all come back. But no CNAMES. I get false/empty array.

In both cases I can log into the DNS control for these domains and see the CNAMES.

Why in the world would this be happening? The goal is to allow lookup and saving of all of the DNS records at the time prior to changing a client's domains to my company's nameservers (so that we don't accidentally externally hosted e-mail settings). CNAMES like pop.domain.com are going to be reasonably critical here, but no lookup I can find will admit they exist.

The real problem is of course the PHP function not returning them, since that's really where I need it.

But it confuses me that I can't find them elsewhere. Especially because I'm looking right at them in the place where I can add and remove DNS records. Says right here:

pop.domain.com CNAME pop.secureserver.net 0 900

(PHP Version 5.2.6 Linux 2.6.9-67.0.15.plus.c4smp)

Answer 1

I get this:

php -r 'print_r(dns_get_record("www.webservices.nl"));'
Array
(
    [0] => Array
        (
            [host] => www.webservices.nl
            [type] => CNAME
            [target] => webservices.nl
            [class] => IN
            [ttl] => 58030
        )

)

Answer 2

I think I've figured out why. I believe this has to do with "Zone Transfers" per this thread http://stackoverflow.com/questions/305495/is-it-possible-to-find-all-dns-subdomains-for-a-given-domain-name.

What I expect is the same functionality from the CNAME lookup as A, NS, MX--EVERYTHING ELSE. (Hardly an unrealistic expectation...)

dns_get_record("domain.com", DNS_CNAME, $authns_cname, $addtl_cname);

I expect to get back an array populated with all the CNAMES set up for domain.com. That's not what happens.

• I can get back the single CNAME entry for "www.domain.com" if that is the domain I pass in and there is a CNAME for it.
• I can get back the single CNAME entry for "*.domain.com" if that is the domain I pass in and there is a CNAME for it.
• I cannot get back literally all the CNAME records in order to save a record of all the CNAMES/subdomains/third level domains for domain.com, wildcard search or not.

I suppose I just had to phrase the question right (15th permutation found that promising answer). I assume both name servers (Dreamhost and my company's) are "protected" against this. Though it seems to me not to be terribly sensitive information in comparison to the rest of the DNS records.