NXDOMAIN for c.b.a simply means that there is no RR for c.b.a.
It tells you absolutely nothing about the existence of an RR for
d.c.b.a, and any recursive resolver that synthesized results for such
based on any RRset for c.b.a would be, simply, broken.
You might want to look at RFC 4592, particularly section 2.2.2,
which explains this corner of DNS arcana and the difference between
NOERROR and NXDOMAIN.
But you're in good company, since a lot of people who write alleged
DNS software haven't read it either.
platter:test steve$ host 0.0.127.sbl.spamhaus.org
Host 0.0.127.sbl.spamhaus.org not found: 3(NXDOMAIN)
platter:test steve$ host 2.0.0.127.sbl.spamhaus.org
2.0.0.127.sbl.spamhaus.org has address 127.0.0.2
The guy who wrote rbldnsd didn't read RFC 4592.
platter:test steve$ host c.b.a.tupid.org
Host c.b.a.tupid.org not found: 3(NXDOMAIN)
platter:test steve$ host d.c.b.a.tupid.org
d.c.b.a.tupid.org has address 127.0.0.1
Nor did the guy who wrote whatever free01.editdns.net is running. I
can't tell what it is, since the usual chaos version.bind query
produces a bogus result that suggests he didn't read section 3.2 of
RFC 1035, either.
I agree that synthesizing results would be risky, since there is a
substantial amount of DNS software that doesn't properly report the
difference between NOERROR and NXDOMAIN. If DNS servers followed the
specs, it should work, perhaps in a more perfect world than this one.
With that said, I still like my b-tree hack, which makes queries that
shouldn't get either NOERROR or NXDOMAIN, a lot better as a way to
publish ranges of addresses in a DNSxL.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg