On Fri, Oct 06, 2006 at 03:41:42PM +0200, bert hubert wrote:
> Warning about NXDOMAIN: It is clear from RFC 1034 and RFC 1035 that an
> NXDOMAIN guarantees the nonexistence of every subdomain of the query domain.
> For example, if a cache sees an NXDOMAIN for ns.heaven.af.mil, it can
> conclude that a.ns.heaven.af.mil and b.ns.heaven.af.mil don't exist. If a
> server has records for a.ns.heaven.af.mil and b.ns.heaven.af.mil, but no
> records for ns.heaven.af.mil, it sends a zero-records (#5) response, not an
> NXDOMAIN. However, RFC 2308 allows NXDOMAIN even when the domain exists, to
> indicate that there are no records of any type under the query name. So it
> is essential for interoperability that caches not draw the above conclusion.

After reading RFC2308 a couple of times, I think the situation described is:

-a- the original QNAME has a CNAME RR attached and
-b- the end of the CNAME chain points to a domain that does not exist

Note: -b- is a non-existing domain, not a domain without any RRs.

RFC 1034 does say this in 4.3.1:

"
If recursive service is requested and available, the recursive response
to a query will be one of the following:
[...]
   - A name error indicating that the name does not exist. This
     may include CNAME RRs that indicate that the original
     query name was an alias for a name which does not exist.
[...]
"

Again: "... name which does not exist.", not "empty RR set".

So:
- answer NXDOMAIN but with CNAME RR means: the domain does exist, but the
  one it is pointing to does not.
- answer NXDOMAIN without CNAME RR means: the domain does not exist.

Resource records are not important, except the CNAME RR in a chain to be
followed.

In other words: NXDOMAIN really means a domain did not exist. The only thing
that caches need to be aware of, is that it may not be the original QNAME
that does not exist.

Your thoughts?
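
The rule proposed in the reply above, sketched as an added example that is not part of the original thread or of PowerDNS: a cache follows the CNAME RRs in an NXDOMAIN answer and negative-caches only the name at the end of the chain. Responses are modelled as plain tuples, and the function names and sample domains are hypothetical.

```python
# Added example: decide which name an NXDOMAIN response declares nonexistent.
# Responses are modelled as tuples (constructed sample data), not real packets.

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)


def norm(name):
    """Lower-case and strip the trailing dot so names compare equal."""
    return name.rstrip(".").lower()


def nonexistent_name(qname, rcode, answer):
    """Return the name a cache may record as nonexistent, or None.

    answer is a list of (owner, rrtype, rdata) tuples from the answer section.
    """
    if rcode != NXDOMAIN:
        return None
    # Map each alias to its target; RR order in the packet is not relied on.
    cnames = {norm(o): norm(t) for o, rrtype, t in answer if rrtype == "CNAME"}
    current, seen = norm(qname), set()
    while current in cnames:
        if current in seen:  # CNAME loop: nothing safe to conclude
            return None
        seen.add(current)
        current = cnames[current]
    return current


def may_negative_cache(name, qname, rcode, answer):
    """True only if `name` is exactly the name the response says is missing."""
    return nonexistent_name(qname, rcode, answer) == norm(name)


# Constructed sample responses.
PLAIN = ("www.example.org.", NXDOMAIN, [])
ALIASED = ("www.example.org.", NXDOMAIN, [
    ("web.example.net.", "CNAME", "gone.example.com."),  # deliberately out of order
    ("www.example.org.", "CNAME", "web.example.net."),
])

if __name__ == "__main__":
    for q, rc, ans in (PLAIN, ALIASED):
        print(q, "->", nonexistent_name(q, rc, ans))
```

In the aliased case the original QNAME exists as an alias, so a cache that stored the NXDOMAIN against the QNAME would wrongly deny a name that is present.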
