<html><head><meta http-equiv="content-type" content="text/html; charset=us-ascii"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div>While debugging a mail delivery problem, I've encountered the following behavior that was surprising to me, and I wanted to check my understanding.</div><div><br></div><div>If I query this on my own recursive nameservers (that use BIND 9.16.50-1~deb11u1):</div><div><br></div><div> $ dig <a href="http://mx.l3harris.com">mx.l3harris.com</a> A</div><div><br></div><div>... I get back a valid A record, with "status: NOERROR" and "ANSWER: 1". So far, so good.</div><div><br></div><div>If I then query the same label with a TXT type:</div><div><br></div><div><div> $ dig <a href="http://mx.l3harris.com">mx.l3harris.com</a> TXT</div></div><div><br></div><div>... I get back a "status: NXDOMAIN" response. That's fine, but if I then repeat the first query:</div><div><br></div><div><div> $ dig <a href="http://mx.l3harris.com">mx.l3harris.com</a> A</div></div><div><br></div><div>... it no longer works. I get a "status: NXDOMAIN" response until the negative cache result from the TXT lookup expires.</div><div><br></div><div>I don't think this is just my server, because I'm able to reproduce this at some public recursive DNS servers, like 134.195.4.2:</div><div><br></div><div><div> $ dig mx.l3harris.com A @134.195.4.2 | grep -o -E '(status|ANSWER): \S+'</div><div> status: NOERROR,</div><div> ANSWER: 1,</div><div> $ dig mx.l3harris.com TXT @134.195.4.2 | grep -o -E '(status|ANSWER): \S+'</div><div> status: NXDOMAIN,</div><div> ANSWER: 0,</div><div> $ dig mx.l3harris.com A @134.195.4.2 | grep -o -E '(status|ANSWER): \S+'</div><div> status: NXDOMAIN,</div><div> ANSWER: 0,</div></div><div><br></div><div>Am I correct that it's wrong for an authoritative DNS server to return NXDOMAIN for a TXT query in the case where an A query for the same label would be successful?
If so, why do some recursive servers cache that result, and others don't?</div><div><br></div><div>And finally, does anyone know of a reputable-seeming public tool I can use to show the administrator of this zone that there's a problem?</div><div><div><br></div><div>
<meta charset="UTF-8"><div>-- <br>Robert L Mathews</div>
</div>
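<div>An added example, not part of the original message: a small check over saved dig output that flags a name reported as existing for one query type and as NXDOMAIN for another, which matters because RFC 2308 has resolvers cache NXDOMAIN against the name rather than the type. The sample text is constructed in the grep-filtered form shown in the message, and the function names are hypothetical.</div>
<pre>
```python
import re

# Constructed sample: grep-filtered dig output per query type, in the form
# shown in the message above (status and ANSWER count only).
OBSERVED = {
    "A": "status: NOERROR,\nANSWER: 1,",
    "TXT": "status: NXDOMAIN,\nANSWER: 0,",
}
# Constructed sample: the consistent form, where the missing type is
# answered with NOERROR and an empty answer section (NODATA).
CONSISTENT = {
    "A": "status: NOERROR,\nANSWER: 1,",
    "TXT": "status: NOERROR,\nANSWER: 0,",
}

def parse_dig(text):
    """Return (rcode, answer_count) taken from dig header text."""
    status = re.search(r"status: ([A-Z]+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    if status is None or answers is None:
        raise ValueError("no dig status/ANSWER fields found")
    return status.group(1), int(answers.group(1))

def classify(rcode, count):
    """Map a response to data, nodata, nxdomain or error."""
    if rcode == "NXDOMAIN":
        return "nxdomain"   # the name is denied for every type
    if rcode == "NOERROR":
        return "data" if count != 0 else "nodata"   # the name exists
    return "error"          # SERVFAIL, REFUSED, ...: says nothing about existence

def check_name(outputs_by_type):
    """Compare responses for one name across query types."""
    kinds = {t: classify(*parse_dig(o)) for t, o in outputs_by_type.items()}
    exists = sorted(t for t, k in kinds.items() if k in ("data", "nodata"))
    denied = sorted(t for t, k in kinds.items() if k == "nxdomain")
    # A name cannot both exist for one type and be NXDOMAIN for another.
    return {"consistent": not (exists and denied),
            "exists": exists, "nxdomain": denied}

if __name__ == "__main__":
    print(check_name(OBSERVED))
    print(check_name(CONSISTENT))
```
</pre>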
<br></div></body></html>