mikeV02 commented on PR #7083: URL: https://github.com/apache/trafficcontrol/pull/7083#issuecomment-1367535582
Hello, I am far from a PC at this moment. However, if you use the TR without the patch, you will see the reply is an NXDOMAIN, which is not okay as the domain does indeed exists. Applying the patch would instead return NOERROR, without any AAAA record (empty) [NODATA]. The current logic of returning NXDOMAIN, breaks certain resolvers, basically dropping everything from their cache, even A records. Let's say an IPv4 user comes and request an A record, TR replies normally and the DNS resolver (that the user has configured on his device) caches that response. Now, a second user comes and requests an AAAA record, now TR replies NXDOMAIN, with this, the resolver drops its previous A cache and now stores the NXDOMAIN for the duration of the TTL. This causes that if a third or more users, requesting an A record again, being returned NXDOMIAIN, even if it's an A record we know exits, until TTL expires. Here is the RFC defining the NXDOMAIN: https://www.rfc-editor.org/rfc/rfc8020 And here the RFC TR fails to fullfil without the patch: https://www.rfc-editor.org/rfc/rfc2308 (see section 2.2 about No Data) /_"NODATA" - a pseudo RCODE which indicates that the name is valid, for the given class, but are no records of the given type._/ Sincerely! Mike Dec 29, 2022 13:28:26 Steve Malenfant ***@***.***>: > I'm trying to test this now to see if this solves my NXDOMAIN issue. Could you add a specific test so I can understand what this tries to fix? > > For example, here's what I try: > > *dig @cdn1cdcrs0001.coxlab.net test.ece.cdn1.coxlab.net A +short > 68.1.14.136 > 68.1.14.145 > * > then, on the AAAA record: > > *$ dig @cdn1cdcrs0001.coxlab.net test.ece.cdn1.coxlab.net AAAA > > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.10 <<>> @cdn1cdcrs0001.coxlab.net test.ece.cdn1.coxlab.net AAAA > ; (2 servers found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52941 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > * > — > Reply to this email directly, view it on GitHub[https://github.com/apache/trafficcontrol/pull/7083#issuecomment-1367509728], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AB7J4R7F2MFC4RC42WPGIJLWPXJ4TANCNFSM6AAAAAAQSUXTI4]. > You are receiving this because you authored the thread.[Tracking image][https://github.com/notifications/beacon/AB7J4R4J6QKSX7IRMMPKLNLWPXJ4TA5CNFSM6AAAAAAQSUXTI6WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTSRQKFOA.gif] > -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
