Reply Code 0x8083 vs 0x8080

Mark Andrews marka at isc.org
Thu May 29 22:31:15 UTC 2014 

In message <53879683.2080500 at chrysler.com>, Kevin Darcy writes:
> Why the different RCODES? See RFC 2308. Short version: the "NODATA" 
> response occurs when the QNAME exists, but no records match QTYPE. It 
> will also occur if the QNAME is merely a "branch" to something further 
> down in the hierarchy (a so-called "empty non-terminal"), and owns no 
> records of its own.
> 
> I'm not sure why NODATA would inhibit search-suffixing, but I just 
> confirmed on a Linux platform that it does. Weird.
> 
>                                          - Kevin

Actually is it perfectly logical and fixes a long standing security
bug.  A name should refer to a single node in the DNS not multiple
nodes depending upon the query type.  A search should always end
on the same node independent of query type.

What is broken is putting a bare SRV prefix into res_search.
res_search was not designed for that type of searching and doing
so introduces the sort of security errors talked about in RFC 1535.

Mark

> On 5/29/2014 2:40 PM, Jiann-Ming Su wrote:
> > What could cause BIND to respond with reply code 0x8083 (no such name) vs 0
> x8080 (no error)?
> >
> > I have an app doing srv queries without the domain name appended.  One time
> , server will respond with no such name (flags 0x8083) which causes the app t
> o query again with domain name appended.  Another time, the DNS server respon
> ds with no error (flags 0x8080) which causes the app to query again without t
> he domain suffix appended.
> >
> > I may very well be debugging an application problem, but I'm curious as to 
> why BIND would respond with different codes.  Thanks for any insights.
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri
> be from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> >
> >
> >
> >
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list