On Fri, Dec 12, 2008 at 12:37 PM, Carl Houseman <[email protected]> wrote: > When there are multiple adapters each with their own DNS, DNS > resolution is attempted on each adapter in turn until one resolves > it and only fails if none of them resolve it.
I believe that is inaccurate. To the best of my knowledge, an NXDOMAIN response from an authoritative nameserver *is* considered a successful result for a DNS query. The query did not fail. The local stub resolver *did* receive an answer. That answer said, "I contacted a nameserver which is authoritative for the zone in question, and that nameserver said the domain name you want does not exist". A failure would be a SERVFAIL response from an intermediate full-service resolver, or no response at all (timeout). In every relevant situation I've encountered, observed behavior has corroborated the above. It's the difference between sending an email message and getting a failure notice stating "The recipient address does not exist on this server", vs sending an email message and getting a failure notice stating "The destination email server could not be reached after several tries; I'm giving up". The former says authoritatively the recipient address is bogus; the message could never be delivered (unless configuration changes). The later just says your message could not be delivered, but it might be a temporary problem. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
