[dns-operations] NXDOMAIN vs NOERROR/no answers for non-existant records
Shumon Huque
shuque at gmail.com
Fri Apr 3 11:48:16 UTC 2020
On Fri, Apr 3, 2020 at 7:35 AM Matthew Richardson <matthew-l at itconsult.co.uk>
wrote:
> I am observing responses from particular authoratitive servers for
> non-existant domains, which is puzzling me. I thought I understood this
> topic, but am now having doubts...
>
> Consider two (real) non-existant records (which are not empty non-terminals
> - there is nothing below them):-
>
> doesnotexist.mtgmon.itconsult.net
> doesnotexist.monitor.itconsult.net
>
> where mtgmon.itconsult.net & monitor.itconsult.net are delegated to
> different authoratitives.
>
> Querying each against the authoratitives returns NOERROR with "ANSWER: 0"
> for the first one and NXDOMAIN for the second, behaviour which is
> consistent across all the authoratitives:-
>
The second one, doesnotexist.monitor.itconsult.net., does not appear to be
delegated from its parent. That's why you're getting NXDOMAIN - that
response is coming from the parent zone: itconsult.net.
>> Query: doesnotexist.monitor.itconsult.net. A IN at zone itconsult.net.
>> Send to zone itconsult.net. at address 193.201.42.1
ERROR: NXDOMAIN: doesnotexist.monitor.itconsult.net. not found
Shumon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200403/563d6117/attachment.html>
More information about the dns-operations
mailing list