BIND9's NXDOMAIN vs NOERROR/NODATA
Paul Vixie
paul at vix.com
Thu Dec 12 20:16:00 UTC 2002
> If you have, say, an A RR for foo.bar.example.com but no records for
> bar.example.com and send a query for "bar.example.com" of any type,
> older BINDs will answer NOERROR, empty answer section ("NODATA").
> BIND 9 will return "NXDOMAIN". From the first one can deduce the
> existence of something below "bar.example.com", while the second is
> really misleading.

i agree.

> This must have been discussed before, but all I found was a rather old
> quote from Paul Vixie stating:
>
> >> NXDOMAIN's scope is the {name,type}. RFC 2308 implicitly outlawed BIND's
> >> behaviour, which is to return NOERROR/ANCOUNT=0 for empty nonterminals.

note that i was wrong. NXDOMAIN's scope is {name}, and is type-independent.

> I did not yet manage to read this into RFC 2308 (section 2, I guess)
> and being "implicit" it would be in contradiction to section 4.3.2 of
> RFC 1034. How can "bar.example.com" not exist if "foo.bar.example.com"
> does and obviously is below "bar.example.com" in the DNS hierarchy?
> This is not consistent.

that's true, and in the case of inconsistency there is no right answer, and
in this case the latter document (RFC 2308) was allowed to win.

> Could someone please agree with me or shed some light upon this? Thanks!

i still think NOERROR/ANCOUNT=0 is the right answer.
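
An added illustration, not part of the original message and not BIND's code, of the two answers this thread contrasts for an empty non-terminal such as bar.example.com. The zone contents, the function names and the `ent_is_nxdomain` switch are constructed for the example; wildcards, CNAMEs and delegations are ignored.

```python
# Constructed zone from the thread's example: owner name -> {type: [rdata]}.
# Nothing is stored at bar.example.com itself.
ZONE = {
    "example.com.": {"NS": ["ns.example.com."]},
    "ns.example.com.": {"A": ["192.0.2.53"]},
    "foo.bar.example.com.": {"A": ["192.0.2.1"]},
}


def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return name.lower().rstrip(".").split(".")


def is_empty_nonterminal(zone, qname):
    """True if qname owns no records but at least one owner name lies below it."""
    q = labels(qname)
    owners = [labels(o) for o in zone]
    if q in owners:
        return False
    return any(len(o) > len(q) and o[-len(q):] == q for o in owners)


def respond(zone, qname, qtype, ent_is_nxdomain):
    """Return (RCODE, ANCOUNT) for a query inside the zone.

    ent_is_nxdomain=False models the older-BIND answer described in the thread,
    ent_is_nxdomain=True the BIND 9 answer described there.
    """
    q = labels(qname)
    for owner, rrsets in zone.items():
        if labels(owner) == q:
            # Name exists: either data of this type, or NODATA.
            return ("NOERROR", len(rrsets.get(qtype, [])))
    if is_empty_nonterminal(zone, qname) and not ent_is_nxdomain:
        return ("NOERROR", 0)   # NODATA: hints that something exists below
    return ("NXDOMAIN", 0)      # scope is the name, for every type


if __name__ == "__main__":
    for flag in (False, True):
        for qtype in ("A", "MX"):
            print(flag, qtype, respond(ZONE, "bar.example.com.", qtype, flag))
```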