1. DNS/1/RCODE/NXDomain
SOA record in NXDOMAIN response means where are NO zone cuts!
- Under the name of the label of SOA record, NO zone cuts exist.
/example.jp /www.nsd.e-ontp.com
NXDOMAIN返答であっても、SOAレコードがあるとは限らない。
- どういう場合か。(クイズ)
NXDOMAIN返答であっても、Answer Sectionがあることがある。/例
https://twitter.com/tss_ontap_o/status/907832980374159361
DNS 温泉 4 の予習して悩んでいる人がもっと悩めるスレ >
"CNAME and NXDOMAIN" https://www.ietf.org/mail-archive/web/namedroppers/current/thrd8.html#06284
- …
14:07 - 2017年9月13日
2. response format
RCODE=NXDomain, AA=1
- No Answer Section
- Authority Section contains a SOA record (owner is at/below cut and at/above query name)
- No Additionl Section
https://www.ietf.org/proceedings/94/slides/slides-94-dnsop-9.pdf
https://tools.ietf.org/html/draft-ietf-dnsop-nxdomain-cut-01
NXDOMAIN really means there is nothing underneath
- draft-ietf-dnsop-nxdomain-cut-01
This document states clearly that when a DNS resolver receives a
- response with response code of NXDOMAIN, it means that the domain name which is thus denied AND ALL THE NAMES UNDER IT do not exist.
REMOVE BEFORE PUBLICATION: this document should be discussed in the
- IETF DNSOP (DNS Operations) group, through its mailing list. The source of the document, as well as a list of open issues, is currently kept at Github [1].
This documents clarifies RFC 1034 and modifies a bit RFC 2308 so it
- updates both of them.