[dns-operations] query dropping vs. returning nxdomain
jim at rfc1035.com
Wed Mar 15 20:20:38 UTC 2006
On Mar 15, 2006, at 19:41, David Ulevitch wrote:
> Stubs don't talk to AA nameservers.
Only in an ideal world where nobody ever misconfigures software and
implementations always do The Right Thing. I'll go to that planet in
a heartbeat. :-)
> I am going to be lazy and not pull out my RFCs but don't stub
> resolvers, by definition, talk to their local caching nameserver?
> Otherwise they wouldn't be stub resolvers, they'd be resolvers or
> recursive nameservers or something else. right?
Stub resolvers just query a name server, usually as a one-shot lookup
to initiate some sort of internet transaction, like an SMTP session.
They should only query their local resolving server.
However if that happens to be authoritative for the local name space,
the properly configured stub resolver will be talking to an AA name
But DNS in the real world's not like that. [For instance define
"local" if you have a roaming GRPS handset. For bonus points extend
this definition to handsets that cross national borders and/or switch
telco providers while travelling at 300kph+.] Users can (and do) copy
each other's resolver configurations: after all DNS is voodoo to 99%
of the internet. People often stumble on a stub resolver setup that
works (sort of) despite it being sub optimal or completely wrong.
This even happens in controlled networks.
I used to do DNS for a global intranet. Amongst the anomalies were
desktops and name servers that thought they were on another company's
(unreachable) intranet and queried "local" servers that didn't exist.
Another joy was finding stub resolvers in a Korean factory that
ignored the local resolving servers and only queried a backbone
resolving name server in Europe.
More information about the dns-operations