[dns-operations] why does that domain resolve?

A. Schulze sca at andreasschulze.de
Fri Jun 4 15:52:46 UTC 2021


we found the domain "xn--80atcidr8i.xn--p1ai." in one of our logs.

the TLD "xn--p1ai." delegate "xn--80atcidr8i.xn--p1ai." to two working nameservers.
But these nameserver choose to announce "ns1.example.com" and "ns2.example.com" as authoritative.
These names are garbage.

But most resolver do not fail to give an answer for "xn--80atcidr8i.xn--p1ai. /A"
So I wonder, why do so many resolver [1] obviously do only follow a delegation and ignore authoritative data?
Is it really some sort of "Hey, you asked for $domain/A, the setup is so broken, but I tried really my best: here as an answer..." ?


 - unbound-1.13.1
 - Debian Buster's Bind 9.10.3

More information about the dns-operations mailing list