[dns-operations] Authoritative name server replies NODATA for a non-existing domain
edward.lewis at icann.org
Thu Apr 23 14:46:20 UTC 2015
On 4/23/15, 2:45, "Michał Kępień" <michal.kepien at nask.pl> wrote:
>> Yes, its due to bug:
>> • Fix RCODE when secondary NSD got transfer that includes deleted
>>wildcard record. After deletion, NSD would serve NODATA, should be
>>NXDOMAIN (thanks Michal Kepien).
>This is fun - I never expected this bug to be publicly noticed for a
Bugs happen. In past work I've done, I've seen some very detailed ones
that even the TLD operator wasn't aware was happening. (Even "big time"
operators, in the class of I could call one of their engineers and they
got it right away.) By bugs, I include unexpected yet sometimes still
very protocol-valid results.
This is an artifact of using off-the-shelf components (open source or not)
which have so many features/etc. that testing every nook-and-cranny is
impractical. (Risk management ... don't waste resources testing things
that won't matter.) The issue seen on this thread shows code diversity
(and why some want it), so good.
When bugs pop up I usually contact the operator off-list partly to confirm
that it is a bug and sometimes learn the make and model of what they are
running. Usually the operator takes care of contacting the tool maker, if
not, I do. Usually we work that out based on convenience.
Mind you - I not all bugs are "serious" as in operations impacting. In
this case, the name in question doesn't 'exist' so any access to it
(WWW/SSH/FTP) is doomed anyway. Whether it's NXDOMAIN or NODATA, there's
no AAAA or A record to be had. Yes, you'll trip up DNSVIZ and get your
name in the permanent record.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4604 bytes
Desc: not available
More information about the dns-operations