You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Additional context
A test version of these repro steps can be found in the dnssec-tests repo
This might be related to #2099 but in this case there are no CNAMEs or wildcards
EDIT1: noted which Cargo features were enabled
EDIT2: remove _cache_size options from named.toml since they are optional settings
EDIT3: clarify that the linux distribution is Debian
The text was updated successfully, but these errors were encountered:
There's an interesting case where it's NXDOMAIN if there are no other records at that name, but if there are any, then it's supposed to be NOERROR and no record to indicate other records besides the one queried do exist at that name.
using CLI resolver from our library, I'm getting an A record at that name:
> resolve doesnotexist.nameservers.com
Querying for doesnotexist.nameservers.com A from udp:8.8.8.8:53, tcp:8.8.8.8:53, udp:8.8.4.4:53, tcp:8.8.4.4:53, udp:[2001:4860:4860::8888]:53, tcp:[2001:4860:4860::8888]:53, udp:[2001:4860:4860::8844]:53, tcp:[2001:4860:4860::8844]:53
Success for query doesnotexist.nameservers.com IN A
doesnotexist.nameservers.com. 7200 IN A 208.91.197.132
using CLI resolver from our library, I'm getting an A record at that name:
that's because that CLI resolver has internet access and access to the public DNS network. I guess something similar if I run dig @1.1.1.1 A doesnotexist.nameservers.com (note the public DNS resolver 1.1.1.1)
In contrast to that, all the nodes in the test are in a private, local network with no internet access so they never contact root servers like a.root-servers.net. the name servers in the tests do not contain a doesnotexist.nameservers.com A record; nor wildcard records that would match the A doesnotexist.nameservers.com query
Describe the bug
What the title says
To Reproduce
nsd 4.6.1
for all the nameservers)hickory-dns
as a resolver with root hint set toprimary2.nameservers.com.
(which has the. SOA
record)NOTE:
hickory-dns
was built with therecursor
feature enabled/etc.named.toml
/etc/root.hints
dig A doesnotexist.nameservers.com.
tohickory-dns
Expected behavior
I don't know if the RFCs leave this scenario unspecified but both BIND (
named
) andunbound
return NXDOMAIN.named
`dig` output
unbound
`dig` output
System:
rust:1-slim-bookworm
(Docker image)Version:
Crate:
hickory-dns
Version: 6334a01
Additional context
A test version of these repro steps can be found in the dnssec-tests repo
This might be related to #2099 but in this case there are no CNAMEs or wildcards
EDIT1: noted which Cargo features were enabled
EDIT2: remove
_cache_size
options fromnamed.toml
since they are optional settingsEDIT3: clarify that the linux distribution is Debian
The text was updated successfully, but these errors were encountered: