[bind10-dev] some overflow? (NOERROR versus NXDOMAIN)
Jeremy C. Reed
jreed at isc.org
Wed Mar 10 18:48:44 UTC 2010
Sometimes the server returns NXDOMAIN when doing a lookup for a record
that doesn't exist but the label does exist so should return NOERROR.
The label before the record I lookup appears to cause the problem.
I had a huge zone file that I slowly removed from until I could get a
small test case.
-=-=-=-=-=-=-
Zone #1:
noerror.testzone. 600 IN SOA dns foo 1 2 3 4 5
86400 NS dns
111111111111111111111111111111111111.noerror.testzone. 86400 IN CNAME whatever
22222222222222222222222.noerror.testzone. 86400 IN AAAA 2001:470:1F00:FFFF::1
When I do this lookup:
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 -p 5300
22222222222222222222222.noerror.testzone A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28570
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
(snipped)
You see I get NOERROR with 0 answers. This is what I expect.
-=-=-=-=-=-=
Zone #2 has one character longer in the CNAME label above:
noerror.testzone. 600 IN SOA dns foo 1 2 3 4 5
86400 NS dns
1111111111111111111111111111111111111.noerror.testzone. 86400 IN CNAME whatever
22222222222222222222222.noerror.testzone. 86400 IN AAAA 2001:470:1F00:FFFF::1
But when I do the exact same query:
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 -p 5300
22222222222222222222222.noerror.testzone A
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49284
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
I get NXDOMAIN instead of NOERROR.
I need another set of eyes because I have tried over 30 zone files
tracking this down.
(I didn't see anything interesting when looking at the records in
sqlite3.)
More information about the bind10-dev
mailing list