[dns-operations] Is NXDOMAIN wrong when a record of the same label but different type exists?

Mark Andrews marka at isc.org
Mon Aug 5 23:53:32 UTC 2024


Additionally, recursive servers cache NXDOMAIN responses, so the order of queries can
make it appear that records that exist don’t.

[ant:~/git/bind9] marka% dig mx.l3harris.com 
;; BADCOOKIE, retrying.

; <<>> DiG 9.21.0-dev <<>> mx.l3harris.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53261
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 370061f19184677a0100000066b1655c894a0c198fe60ecd (good)
;; QUESTION SECTION:
;mx.l3harris.com. IN A

;; ANSWER SECTION:
mx.l3harris.com. 30 IN A 128.170.196.41

;; Query time: 627 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Aug 06 09:50:52 AEST 2024
;; MSG SIZE  rcvd: 88

[ant:~/git/bind9] marka% dig mx.l3harris.com mx
;; BADCOOKIE, retrying.

; <<>> DiG 9.21.0-dev <<>> mx.l3harris.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29621
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 666df07b66a2e67f0100000066b1656251072aebdea4b3c4 (good)
;; QUESTION SECTION:
;mx.l3harris.com. IN MX

;; AUTHORITY SECTION:
l3harris.com. 900 IN SOA mlb-ib-gm.net.harris.com. dnsadmin.harris.com. 175 10800 3600 2419200 900

;; Query time: 399 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Aug 06 09:50:58 AEST 2024
;; MSG SIZE  rcvd: 138

[ant:~/git/bind9] marka% dig mx.l3harris.com aaaa
;; BADCOOKIE, retrying.

; <<>> DiG 9.21.0-dev <<>> mx.l3harris.com aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43591
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 174cffd3bd9a5d890100000066b1656785da617fff2368bc (good)
;; QUESTION SECTION:
;mx.l3harris.com. IN AAAA

;; AUTHORITY SECTION:
l3harris.com. 895 IN SOA mlb-ib-gm.net.harris.com. dnsadmin.harris.com. 175 10800 3600 2419200 900

;; Query time: 0 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Aug 06 09:51:03 AEST 2024
;; MSG SIZE  rcvd: 138

[ant:~/git/bind9] marka% dig mx.l3harris.com a
;; BADCOOKIE, retrying.

; <<>> DiG 9.21.0-dev <<>> mx.l3harris.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 28837517d952cd9b0100000066b1656b2a4600fd1f942ac8 (good)
;; QUESTION SECTION:
;mx.l3harris.com. IN A

;; AUTHORITY SECTION:
l3harris.com. 891 IN SOA mlb-ib-gm.net.harris.com. dnsadmin.harris.com. 175 10800 3600 2419200 900

;; Query time: 0 msec
;; SERVER: ::1#53(::1) (UDP)
;; WHEN: Tue Aug 06 09:51:07 AEST 2024
;; MSG SIZE  rcvd: 138

[ant:~/git/bind9] marka% 

> On 6 Aug 2024, at 08:35, Robert L Mathews <lists at tigertech.com> wrote:
> 
>> On Aug 5, 2024, at 3:25 PM, Patrick Mevzek <dnsoarc at ext.deepcore.org> wrote:
>> 
>> `NXDOMAIN` means the name does not exist, no matter which type.
> 
> That's super helpful, and the dnsviz.net report should be enough that I can convince them they're doing it wrong. Thanks!
> 
> -- 
> Robert L Mathews
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
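
The query-order effect in the transcript above can be reproduced offline with a toy model. This is an added example, not part of the original message and not BIND's cache code; the name, address, TTLs and every function and class name are constructed, and it assumes the resolver stores an NXDOMAIN per name and consults it before any per-type positive entry.

```python
# Toy model of a caching resolver (added illustration, not BIND's code).
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
NAME = "mx.example.test."                    # constructed name
ZONE = {(NAME, "A"): (30, "192.0.2.41")}     # constructed record, TTL 30
NEG_TTL = 900                                # constructed SOA negative TTL


def broken_authoritative(name, qtype):
    """Answer NXDOMAIN (not NOERROR/NODATA) when only the type is missing."""
    if (name, qtype) in ZONE:
        ttl, rdata = ZONE[(name, qtype)]
        return NOERROR, ttl, rdata
    return NXDOMAIN, NEG_TTL, None


class Resolver:
    def __init__(self, upstream):
        self.upstream = upstream
        self.nxdomain = {}   # name -> expiry; covers every type at the name
        self.positive = {}   # (name, qtype) -> (expiry, rdata)

    def query(self, name, qtype, now):
        """Return (rcode, source); source is 'cache' or 'authoritative'."""
        # Assumption: a live NXDOMAIN for the name wins over positive data.
        if self.nxdomain.get(name, 0) > now:
            return NXDOMAIN, "cache"
        hit = self.positive.get((name, qtype))
        if hit and hit[0] > now:
            return NOERROR, "cache"
        rcode, ttl, rdata = self.upstream(name, qtype)
        if rcode == NXDOMAIN:
            self.nxdomain[name] = now + ttl
        else:
            self.positive[(name, qtype)] = (now + ttl, rdata)
        return rcode, "authoritative"


def replay(queries):
    """Run (seconds, qtype) queries through one fresh resolver."""
    resolver = Resolver(broken_authoritative)
    return [(qtype,) + resolver.query(NAME, qtype, now) for now, qtype in queries]


if __name__ == "__main__":
    # Same order and spacing as the dig session: A, MX, AAAA, A.
    for row in replay([(0, "A"), (6, "MX"), (11, "AAAA"), (15, "A")]):
        print(*row)
```

The final A query returns NXDOMAIN from cache even though the A record's 30-second TTL has not expired, which is the behaviour the dig session shows.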



