[dns-operations] DNAME, authoritative name servers, and the return code for non-existing domains

Stephane Bortzmeyer bortzmeyer at nic.fr
Tue May 28 11:28:34 UTC 2019

If you look at the TLD xn--kprw13d, you'll see it's an alias (through
DNAME) for the TLD xn--kpry57d. If you query the authoritative name
servers of xn--kprw13d for a *non*-existing subdomain of the TLD, you
will see that all of them reply NXDOMAIN *except* anytld.apnic.net and
h.dns.tw. They return a NOERROR (and with the AA bit).

RFC 6604 clearly says that the return code must be the last of the
chain of aliases, here NXDOMAIN (since the same name servers are
authoritative for the alias and the canonical name). It seems to me
anytld.apnic.net and h.dns.tw violate RFC 6604. Before I report it to
their sysadmins, I would like to get some advice: are they right or

More information about the dns-operations mailing list