[BALUG-Talk] [BALUG-Admin] balug.org DNS review ... CHAOS ; -> ...

Michael Paoli Michael.Paoli@cal.berkeley.edu
Thu Sep 28 09:35:54 PDT 2017


Thanks, a good - and reasonably brief - read that:
http://prefetch.net/blog/index.php/2016/09/28/the-subtleties-between-the-nxdomain-noerror-and-nodata-dns-response-codes/
that you referenced.  :-)

And indeed, is wee bit more CHAOS data out there:
$ (for d in version.bind hostname.bind server-id.bind id.server bind. server.; do dig +noall +answer +norecurse @ns1.balug.org. "$d" ANY CHAOS; done) | sort -u
hostname.bind.          0       CH      NS      hostname.bind.
hostname.bind.          86400   CH      SOA     hostname.bind. hostmaster.hostname.bind. 0 28800 7200 604800 86400
id.server.              0       CH      NS      id.server.
id.server.              86400   CH      SOA     id.server. hostmaster.id.server. 0 28800 7200 604800 86400
version.bind.           0       CH      NS      version.bind.
version.bind.           86400   CH      SOA     version.bind. hostmaster.version.bind. 0 28800 7200 604800 86400
$

So ... maybe I check further in future if there's reasonable way to
cleanly disable all that ... but not high on the task/priority
list at present - it's at least "good enough for now".
My "todo" list is only 5,848 lines long ... and I'm sure I've
forgotten to include many items and details.

> From: "Rick Moen" <rick@linuxmafia.com>
> Subject: Re: [BALUG-Talk] [BALUG-Admin] balug.org DNS review ... CHAOS ; -> ...
> Date: Wed, 27 Sep 2017 22:36:16 -0700

> Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
>
>> $ dig +noall +answer +norecurse +comments @ns1.balug.org. version.bind TXT CHAOS
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49907
>> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> $ dig +noall +answer +norecurse +comments @ns1.balug.org. hostname.bind TXT CHAOS
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27923
>> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> $ dig +noall +answer +norecurse +comments @ns1.balug.org. id.server TXT CHAOS
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43870
>> ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> $
>> Hmmmm... I might've expected NXDOMAIN ... but ... close enough.
>
> Au contraire.  There's a point about that.  RCODE NOERROR with
> ANSWER: 0 means there are _other_ RRs for that FQDN, and this is subtly
> different from RCODE 'NXDOMAIN'[1], as explained on this
> useful page, one I found just today while trying to finally learn the
> difference:
> http://prefetch.net/blog/index.php/2016/09/28/the-subtleties-between-the-nxdomain-noerror-and-nodata-dns-response-codes/
>
>   So what does NOERROR with an ANSWER of 0 actually represent? It means
>   one or more resource records exist for this domain but there isn't a
>   record matching the resource record type (A, AAAA, MX, etc.). This was a
>   useful clarification for me and helped me isolate and fix the issue I
>   was debugging. Sometimes the devil is in the details.
>
> Worth reading.
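
The NOERROR with ANSWER: 0 versus NXDOMAIN distinction discussed in this thread, as an added shell example that is not part of either poster's message: it classifies a reply from the header lines that `dig +comments` prints. The function name `classify_dig`, the `NOERROR-NOAUTH` label and the NXDOMAIN sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one DNS reply from `dig +comments` header lines.
# Prints NXDOMAIN, NODATA (authoritative NOERROR with zero answers), ANSWER,
# NOERROR-NOAUTH (empty NOERROR without the aa flag, e.g. a referral),
# OTHER:<rcode>, or UNPARSED when no header line was found.
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { rcode = $(i + 1); sub(/,$/, "", rcode) }
        }
        /^;; flags:/ {
            inflags = 0
            for (i = 1; i <= NF; i++) {
                f = $i
                if (f == "flags:") { inflags = 1; continue }
                if (inflags) {
                    last = (f ~ /;$/); sub(/;$/, "", f)
                    if (f == "aa") aa = 1
                    if (last) inflags = 0
                }
                if (f == "ANSWER:" && i < NF) answers = $(i + 1) + 0
            }
        }
        END {
            if (rcode == "") print "UNPARSED"
            else if (rcode == "NXDOMAIN") print "NXDOMAIN"
            else if (rcode != "NOERROR") print "OTHER:" rcode
            else if (answers > 0) print "ANSWER"
            else if (aa) print "NODATA"
            else print "NOERROR-NOAUTH"
        }'
}

sample_nodata() {    # header lines as in the quoted version.bind reply
cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49907
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

sample_nxdomain() {  # constructed sample, not taken from the thread
cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12345
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
EOF
}

echo "quoted reply:       $(sample_nodata | classify_dig)"
echo "constructed reply:  $(sample_nxdomain | classify_dig)"
```

Against a live server, pipe a single query into it, for example `dig +noall +comments +norecurse @ns1.balug.org. version.bind TXT CHAOS | classify_dig`.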



