[dns-operations] NXDOMAIN and negative caching

Michael Sinatra michael at brokendns.net
Mon Feb 1 23:56:54 UTC 2016


On 02/01/2016 15:21, Michael Smitasin wrote:
> Just wanted to confirm my understanding:
> 
> - An NXDOMAIN / Name Error response indicates the domain name does not
> exist, while a No Data response indicates the domain exists but no data
> of the queried type exists. (Mostly looking at RFC 1035 Section 5.2.1)
> - An NXDOMAIN should be cached for a given QNAME, QCLASS. (RFC 2038
> Section 5)
> 
> What I infer from that (perhaps it's explicitly stated elsewhere?) is
> two things:
> 
> - An NXDOMAIN indicates /no/ records exist for that name.
> - When an NXDOMAIN is cached, it will be returned for /any/ QTYPE
> matching the same QNAME, QCLASS.
> 
> We have a situation where an authoritative server (outside our control)
> is returning a good A record but when the same name is queried for an NS
> record, it returns NXDOMAIN. Once our caching nameservers get that
> NXDOMAIN, they start returning it to our client queries for the A
> record. If my understanding of the above is true, our caching
> nameservers are behaving correctly, but the authoritative server should
> not be returning NXDOMAIN for that name? If so, is anyone familiar with
> the circumstances where that would be the case or have recommendations I
> can forward on to the operators of that authoritative server?

As the operator of one of your "outside" authoritative DNS servers, I
can think of a few reasons this may be happening.  Feel free to contact
me off-list with the actual domain and we can figure it out (even if it
isn't one of our servers that's causing the problem).

michael
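
An added example, not part of the original thread or any resolver's code: a simplified Python model of the negative caching described in the quoted question, where NXDOMAIN is keyed on (QNAME, QCLASS) and No Data on (QNAME, QCLASS, QTYPE), plus a check that flags an authoritative server answering NXDOMAIN for one QTYPE while serving data for another. The class and function names, TTLs and sample responses are all constructed assumptions.

```python
# Added example: simplified model of resolver negative caching.
# All names, TTLs and responses below are constructed for illustration.
from dataclasses import dataclass, field

NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"

@dataclass
class NegCache:
    """NXDOMAIN is keyed on (QNAME, QCLASS); No Data on (QNAME, QCLASS, QTYPE)."""
    nxdomain: dict = field(default_factory=dict)   # (name, cls) -> expiry
    nodata: dict = field(default_factory=dict)     # (name, cls, qtype) -> expiry
    positive: dict = field(default_factory=dict)   # (name, cls, qtype) -> (rdata, expiry)

    def store(self, name, cls, qtype, rcode, rdata, ttl, now):
        name = name.lower().rstrip(".")
        if rcode == NXDOMAIN:
            self.nxdomain[(name, cls)] = now + ttl
        elif not rdata:
            self.nodata[(name, cls, qtype)] = now + ttl
        else:
            self.positive[(name, cls, qtype)] = (rdata, now + ttl)

    def lookup(self, name, cls, qtype, now):
        name = name.lower().rstrip(".")
        if self.nxdomain.get((name, cls), 0) > now:
            return NXDOMAIN, []            # answers every QTYPE for this name
        if self.nodata.get((name, cls, qtype), 0) > now:
            return NOERROR, []             # only this QTYPE is known empty
        rdata, expiry = self.positive.get((name, cls, qtype), ([], 0))
        return (NOERROR, rdata) if expiry > now else (None, [])  # None = miss

def inconsistent_names(responses):
    """Flag names that got NXDOMAIN for one QTYPE but NOERROR with data
    for another QTYPE of the same QNAME, QCLASS."""
    seen = {}
    for name, cls, qtype, rcode, rdata in responses:
        key = (name.lower().rstrip("."), cls)
        entry = seen.setdefault(key, {"nx": set(), "data": set()})
        if rcode == NXDOMAIN:
            entry["nx"].add(qtype)
        elif rdata:
            entry["data"].add(qtype)
    return {k: v for k, v in seen.items() if v["nx"] and v["data"]}

# Constructed authoritative responses mirroring the case in the message.
SAMPLE = [
    ("host.example.net.", "IN", "A", NOERROR, ["192.0.2.10"]),
    ("host.example.net.", "IN", "NS", NXDOMAIN, []),
    ("www.example.net.", "IN", "AAAA", NOERROR, []),
]
```

In this model the cached NXDOMAIN from the NS query masks the still-valid A record until the negative TTL expires, and `inconsistent_names(SAMPLE)` reports only `host.example.net`.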



