BIND9's NXDOMAIN vs NOERROR/NODATA

Peter Koch pk at TechFak.Uni-Bielefeld.DE
Thu Dec 12 19:29:06 UTC 2002


Once again I came across BIND9's treatment of empty non leaf nodes:

If you have, say, an A RR for foo.bar.example.com but no records for
bar.example.com and send a query for "bar.example.com" of any type,
older BINDs will answer NOERROR, empty answer section ("NODATA").
BIND 9 will return "NXDOMAIN". From the first one can deduce the existence
of something below "bar.example.com", while the second is really misleading.

This must have been discussed before, but all I found was a rather old quote
from Paul Vixie stating:

>> NXDOMAIN's scope is the {name,type}.  RFC 2308 implicitly outlawed BIND's
>> behaviour, which is to return NOERROR/ANCOUNT=0 for empty nonterminals.

I did not yet manage to read this into RFC 2308 (section2, I guess) and being
"implicit" it would be in contradiction to section 4.3.2 of RFC 1034. How
can "bar.example.com" not exist if "foo.bar.example.com" does and obviously
is below "bar.example.com" in the DNS hierarchy? This is not consistent.

Could someone please agree with me or shed some light upon this? Thanks!

-Peter


More information about the bind-workers mailing list