[dns-operations] Authoritative name server replies NODATA for a non-existing domain
matthaeus.wander at uni-due.de
Wed Apr 22 15:50:08 UTC 2015
* Stephane Bortzmeyer [2015-04-22 16:16]:
> On Wed, Apr 22, 2015 at 03:12:24PM +0200,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
> a message of 30 lines which said:
>> IMHO, all the name servers should reply NXDOMAIN, no?
> Or could it be a "minimum response", intended to prevent zone
It's not minimal, the hash range is very large (wraparound record from
D9D... to VVV... and 000... to 4DL...), covering the hashes of the query
name, wildcard name and closest encloser.
> d9dhvu2eiln97dgi23tkh43hq2uvh7uq.adult. 829 IN NSEC3 1 1 1 D399EAAB 4DLOEEUR1VQ4LQ6N7QUS62O2MAIUPGRM NS SOA RRSIG DNSKEY NSEC3PARAM
I'd expect NXDOMAIN, too. Apart from an unusual rcode, the response
looks valid. Does this qualify as a protocol violation?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5414 bytes
Desc: S/MIME Cryptographic Signature
More information about the dns-operations