Host sometimes Succeeds with Empty Output

Martin McCormick martin at dc.cis.okstate.edu
Fri Sep 14 18:05:19 UTC 2012


Kevin Darcy writes:
> I don't use "host" very much, but I would assume it returns a "successful"
> exit code as long as the RCODE of the response is NOERROR. This would
> explain the behavior you are seeing, since by creating a name
> "www.physicscourses.okstate.edu", if its parent
> "physicscourses.okstate.edu" owns no records, it's still an "empty
> non-terminal" and will return NOERROR instead of NXDOMAIN when queried.

	Thank you! I suspected that sort of thing from the
beginning because when I have run into this behavior before,
the response occurred when there were similar records in the
zone that might look like parents and I wondered if that was
what was going on. I wasn't sure enough, however, to not have
doubts.

> 
> This may seem strange to the current generation of DNS admins, who would be
> more likely (from experiences in the Relational Database world, for
> instance) to think of the DNS database as nothing more than a collection of
> records keyed by (class, owner, type). But the older generation who
> designed the DNS thought of it more in a hierarchical fashion, like a tree,
> and a branch (point in the hierarchy) still exists even if no leaves
> ("terminal" records like A, PTR, MX, SRV, etc.) grow on it, right? An
> argument has been made in the past that returning NXDOMAIN for empty
> non-terminals is dangerous because resolvers, as an optimization, might
> apply that negative caching entry to the entire tree -- "prune" it, so to
> speak -- from that point downwards, thus erroneously "disappearing" leaf
> nodes further down in the hierarchy, for the duration of the
> negative-caching TTL. I don't know, however, if anyone has proven that
> there are any resolvers that are smart enough (arguably, reckless enough)
> to actually perform this kind of "pruning" optimization.

	I sure hope not. Can you imagine the sort of random
havoc and instability this would create? John Q. Public has XYZ
browser that has this behavior and now he can't get to this or
that site because some unrelated record has what amounts to a
similar-looking name.

	Jane Doe's browser is a little older and she makes it to
the site just fine and everybody's scratching their heads. The
phones ring and ring and the voices are just sure that DNS is
broken. What a nightmare!

	Anyway, thanks for reinforcing what I was more or less
suspecting. I might then capture the output from host and if it
is not null and the exit status is 0, the node probably
resolved.

Martin
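
The check described at the end of the message above (exit status 0 and non-empty output), written as a shell function. This is an added example, not part of the original post; `HOST_CMD` and `fake_host` are assumptions introduced here so the logic can be run offline against constructed names.

```shell
#!/bin/sh
# Added example: tell "host succeeded and printed an answer" apart from
# "host succeeded but printed nothing" (the empty non-terminal case in the
# thread) and from a non-zero exit status.
# HOST_CMD is an assumption of this example: it names the command to run,
# defaulting to host(1), so a stand-in can be used without a network.

# classify_name NAME -> prints one of: resolved, empty, failed
classify_name() {
    name=$1
    # Keep standard output only. Running the command inside "if" keeps the
    # function usable under "set -e" when the lookup exits non-zero.
    if out=$("${HOST_CMD:-host}" "$name" 2>/dev/null); then
        # Exit status 0: an answer exists only if something besides
        # whitespace was printed.
        if [ -z "$(printf '%s' "$out" | tr -d '[:space:]')" ]; then
            echo empty
        else
            echo resolved
        fi
    else
        echo failed
    fi
}

# name_resolves NAME -> exit status 0 only for the "resolved" case
name_resolves() {
    [ "$(classify_name "$1")" = resolved ]
}

# Constructed stand-in for host(1); names and address are sample values.
fake_host() {
    case $1 in
        www.example.test)
            echo "www.example.test has address 192.0.2.10"
            return 0 ;;
        ent.example.test)
            # Success with no output, as reported in the thread.
            return 0 ;;
        *)
            echo "Host $1 not found: 3(NXDOMAIN)"
            return 1 ;;
    esac
}
```

Run with `HOST_CMD=fake_host` to try the three cases offline; leave `HOST_CMD` unset to query with the real `host`.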


