NOERROR when NXDOMAIN expected

Tue Feb 27 14:37:00 UTC 2001

On 27 Feb 2001, Rainer Ginsberg wrote:

> Hello group,
> 
> I need an explanation for an unexpected (at least to me) behaviour 
> of BIND 8.2.3-REL. Maybe someone of you can help me.
> 
> The nameserver is responsible for a zone, say example.com. There is 
> no A record for example.com. When I query the nameserver for this 
> A record, I would expect an NXDOMAIN. But instead, I get a NOERROR 
> with an empty answer section and an authority section with the 
> SOA record.
> 
> This is dig's output:
> 
> # dig @ns1.fe.internet.bosch.com. example.com. a +norec
> 
> ; <<>> DiG 8.3 <<>> @ns1.fe.internet.bosch.com. example.com. a +norec 
> ; (1 server found)
> ;; res options: init defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50377
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      example.com, type = A, class = IN
> 
> ;; AUTHORITY SECTION:
> example.com.  4D IN SOA  ns1.fe.internet.bosch.com. hostmaster.bosch.de. (
>                          2001022700      ; serial
>                          1D              ; refresh
>                          6H              ; retry
>                          2W              ; expiry
>                          4D )            ; minimum
> 
> 
> ;; Total query time: 2 msec
> ;; FROM: proxy.fe.internet.bosch.de to SERVER: ns1.fe.internet.bosch.com.  
> 10.4.4.13
> ;; WHEN: Tue Feb 27 11:19:11 2001
> ;; MSG SIZE  sent: 29  rcvd: 106

A NXDOMAIN in an answer means that there is no such domain name. That is
different then what you probably expected: No such domain name with type
A.

You would only get a NXDOMAIN if the name you specified is not in the
zone. Example.com _is_ in the list.

The behaviour you described is normal.

Roy Arends
Nominum