John Levine wrote, On 1/5/11 1:54 AM:
Er. But isn't this (a) whether you interpret NODATA (aka No Error) as
NXDOMAIN or otherwise a DNS client library and/or DNSBL query function
decision, and (b) does DNS really return "No Error" for b.a if there's
no RR for b.a, but there is one for c.b.a?
Per my previous message, the answer to (b) is yes, according to
RFC 4592, but there's a lot of buggy software that gets it wrong.
FWIW, a very quick randomish check of the DNSBL's I find interesting shows
exactly one (tor.dnsbl.sectoor.de) that answers such queries correctly other
than my own local ones which are served by BIND 9. As a cache, BIND 9 will
cache and serve a NXDOMAIN answer that should really be NODATA/NOERROR, even
if it has cached records under the supposed NXDOMAIN.
The point: getting this wrong is the norm in the DNSBL space. It may be due
to buggy software, but the bug is endemic.
Asrg mailing list