<div dir="ltr">Hi,<div><br></div><div>Public resolvers commonly avoid sending queries for locally served zones to the "blackhole" servers (AS112), instead, they synthesize NXDOMAIN responses directly.<div><div><br></div><div>We can see the same behavior from public DNS resolvers. The missing OPT RR from 1.1.1.1 apparently is a bug that will be fixed soon.<br><div><br></div><div>$ dig @<a href="http://1.1.1.1">1.1.1.1</a> 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd <a class="gmail_plusreply" id="plusReplyChip-0">+nostat</a><br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11703<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br><br>;; QUESTION SECTION:<br>;1.0.0.10.in-addr.arpa. IN PTR<br><br>$ dig @<a href="http://8.8.8.8">8.8.8.8</a> 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd <a class="gmail_plusreply" id="gmail-plusReplyChip-0">+nostat</a><br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9790<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags: do; udp: 512<br>;; QUESTION SECTION:<br>;1.0.0.10.in-addr.arpa. IN PTR<br><br>$ dig @<a href="http://9.9.9.9">9.9.9.9</a> 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd <a class="gmail_plusreply" id="gmail-plusReplyChip-0">+nostat</a><br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54612<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags: do; udp: 1232<br>;; QUESTION SECTION:<br>;1.0.0.10.in-addr.arpa. IN PTR<br></div></div></div></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, Feb 20, 2026 at 8:19 AM Tatsuya Jinmei via dns-operations <<a href="mailto:dns-operations@dns-oarc.net">dns-operations@dns-oarc.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-1290096445357613463"><br><br><br>---------- Forwarded message ----------<br>From: Tatsuya Jinmei <<a href="mailto:jtatuya@infoblox.com" target="_blank">jtatuya@infoblox.com</a>><br>To: "<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>" <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>><br>Cc: <br>Bcc: <br>Date: Fri, 20 Feb 2026 07:07:47 +0000<br>Subject: 1.1.1.1 omits EDNS OPT RR when serving "locally served zones"<br>
<div dir="ltr">
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hi dns-operators,</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>I've recently noticed that 1.1.1.1 omits EDNS OPT RR in its response to certain queries, e.g.:</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>% dig @<a href="http://1.1.1.1" target="_blank">1.1.1.1</a> 1.0.0.10.in-addr.arpa ptr +edns</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>; <<>> DiG 9.18.20 <<>> @<a href="http://1.1.1.1" target="_blank">1.1.1.1</a> 1.0.0.10.in-addr.arpa ptr +edns</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>; (1 server found)</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; global options: +cmd</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; Got answer:</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61776</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; QUESTION SECTION:</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;1.0.0.10.in-addr.arpa. IN PTR</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; Query time: 2 msec</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; WHEN: Thu Feb 19 22:51:21 PST 2026</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>;; MSG SIZE rcvd: 39</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>(It also omits SOA in the authority section). It includes OPT RR (and</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>SOA in the case of NXDOMAIN) for other cases like <a href="http://x.root-servers.net" target="_blank">x.root-servers.net</a></span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>(resulting in NXDOMAIN) or 4.0.41.198.in-addr.arpa/PTR.</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>After trying various queries, it looks like this happens when the</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>query name is listed in RFC6303.</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>Is this a known behavior (I couldn't find any report on the net, thus</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>asking here)? And, does anyone know the rationale of this behavior?</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>Thanks,</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>--</span></div>
<div style="font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span>jinmei</span></div>
</div>
<br><br><br>---------- Forwarded message ----------<br>From: Tatsuya Jinmei via dns-operations <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>><br>To: "<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>" <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>><br>Cc: <br>Bcc: <br>Date: Fri, 20 Feb 2026 07:07:47 +0000<br>Subject: [dns-operations] 1.1.1.1 omits EDNS OPT RR when serving "locally served zones"<br>_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</div></blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><p style="font-family:Helvetica;font-size:12px;color:rgb(64,64,64)"><br></p><p style="font-family:Helvetica;font-size:12px;color:rgb(64,64,64)"><b>Hunts Chen</b> | Systems Engineer<br><a href="mailto:hunts@cloudflare.com" style="color:rgb(47,123,191)" target="_blank">hunts@cloudflare.com</a><br>cell: <a href="tel:+16268980153" style="color:rgb(47,123,191)" target="_blank">+1 (626) 898-0153</a><br>Kirkland, WA</p><a href="https://www.cloudflare.com/" style="font-family:Times;font-size:medium" target="_blank"><div style="background-image:url("https://www.cloudflare.com/img/signature-cloud.png");width:200px;height:30px;margin-right:20px;margin-top:20px"></div></a><p style="font-family:Helvetica;font-size:12px;color:rgb(64,64,64)">1 888 99 FLARE | <a href="https://www.cloudflare.com/" style="color:rgb(47,123,191)" target="_blank">www.cloudflare.com</a></p></div></div></div></div></div></div>