[dns-operations] query dropping vs. returning nxdomain

Jim Reid jim at rfc1035.com
Wed Mar 15 20:20:38 UTC 2006

On Mar 15, 2006, at 19:41, David Ulevitch wrote:
> Stubs don't talk to AA nameservers.

Only in an ideal world where nobody ever misconfigures software and  
implementations always do The Right Thing. I'll go to that planet in  
a heartbeat. :-)

> I am going to be lazy and not pull out my RFCs but don't stub  
> resolvers, by definition, talk to their local caching nameserver?  
> Otherwise they wouldn't be stub resolvers, they'd be resolvers or  
> recursive nameservers or something else. right?

Stub resolvers just query a name server, usually as a one-shot lookup  
to initiate some sort of internet transaction, like an SMTP session.  
They should only query their local resolving server.
However if that happens to be authoritative for the local name space,  
the properly configured stub resolver will be talking to an AA name  

But DNS in the real world's not like that. [For instance define  
"local" if you have a roaming GRPS handset. For bonus points extend  
this definition to handsets that cross national borders and/or switch  
telco providers while travelling at 300kph+.] Users can (and do) copy  
each other's resolver configurations: after all DNS is voodoo to 99%  
of the internet. People often stumble on a stub resolver setup that  
works (sort of) despite it being sub optimal or completely wrong.  
This even happens in controlled networks.

I used to do DNS for a global intranet. Amongst the anomalies were  
desktops and name servers that thought they were on another company's  
(unreachable) intranet and queried "local" servers that didn't exist.  
Another joy was finding stub resolvers in a Korean factory that  
ignored the local resolving servers and only queried a backbone  
resolving name server in Europe.

More information about the dns-operations mailing list