[BALUG-Talk] [BALUG-Admin] balug.org DNS review ... CHAOS ; -> ...
Rick Moen
rick@linuxmafia.com
Wed Sep 27 22:36:16 PDT 2017
Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
> $ dig +noall +answer +norecurse +comments @ns1.balug.org.
> version.bind TXT CHAOS
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49907
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> $ dig +noall +answer +norecurse +comments @ns1.balug.org.
> hostname.bind TXT CHAOS
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27923
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> $ dig +noall +answer +norecurse +comments @ns1.balug.org. id.server TXT CHAOS
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43870
> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> $
> Hmmmm... I might've expected NXDOMAIN ... but ... close enough.
Au contraire. There's a point about that. RCODE NOERROR with
ANSWER: 0 means there are _other_ RRs for that FQDN, and this is subtly
different from RCODE 'NXDOMAIN'[1], as explained on this
useful page, one I found just today while trying to finally learn the
difference:
http://prefetch.net/blog/index.php/2016/09/28/the-subtleties-between-the-nxdomain-noerror-and-nodata-dns-response-codes/
So what does NOERROR with an ANSWER of 0 actually represent? It means
one or more resource records exist for this domain but there isn't a
record matching the resource record type (A, AAAA, MX, etc.). This was a
useful clarification for me and helped me isolate and fix the issue I
was debugging. Sometimes the devil is in the details.
Worth reading.
More information about the BALUG-Talk
mailing list