[dns-operations] NXDOMAIN at zone apex???
marka at isc.org
Thu May 25 21:42:20 UTC 2017
Resending w/o the list of names. Spamassassin is blocking emails
with the list of offending domains.
Mark Andrews writes:
> The SOA matches the zone being looked up and it would require extra
> code to reject this broken unsigned answer for a obsure corner case.
> Once the NXDOMAIN is cached even the SOA lookup gets NXDOMAIN from
> named. If the servers for a zone return inconstant answers depening
> on query type or any other factor it isn't the resolver's job to
> fix this. Garbage In Garbage Out.
> That said if a TLD or registrar was checking non meta QTYPE handling
> this would be a good reason to remove/reject the delegation. NOTIMP
> and NXDOMAIN shouldn't be returned for non meta QTYPEs at the zone
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations