On Tue, Jan 4, 2011 at 10:44 PM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
NXDOMAIN for c.b.a simply means that there is no RR for c.b.a.
It tells you absolutely nothing about the existence of an RR for
d.c.b.a, and any recursive resolver that synthesized results for such
based on any RRset for c.b.a would be, simply, broken.
You might want to look at RFC 4592, particularly section 2.2.2,
which explains this corner of DNS arcana and the difference between
NOERROR and NXDOMAIN.
That's the joy of standards - you can never have too many of them.
RFC 1034 implies that NXDOMAIN means that the domain does not exist, and
thus it would not be possible for any sub-domains to exist (although if you
squint hard enough whilst reading it you can actually make it say the
RFC 2308 states that a response of NXDOMAIN does NOT means that the domain
doesn't exist, and thus it's feasible for a there to be sub-domains even on
an NXDOMAIN response.
Then there's RFC 2535, 4592 and probably a few others which even further
muddy the waters.
At best, this is a vague area, and the only correct thing to do is to not
presume any specific behavior - the only guarantee is that different
nameservers are going to act differently.
Asrg mailing list