--- Begin Message ---
Hi,
Public resolvers commonly avoid sending queries for locally served zones to
the "blackhole" servers (AS112), instead, they synthesize NXDOMAIN
responses directly.
We can see the same behavior from public DNS resolvers. The missing OPT RR
from 1.1.1.1 apparently is a bug that will be fixed soon.
$ dig @1.1.1.1 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd +nostat
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11703
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;1.0.0.10.in-addr.arpa. IN PTR
$ dig @8.8.8.8 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd +nostat
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9790
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 512
;; QUESTION SECTION:
;1.0.0.10.in-addr.arpa. IN PTR
$ dig @9.9.9.9 1.0.0.10.in-addr.arpa ptr +edns +dnssec +nocmd +nostat
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54612
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; QUESTION SECTION:
;1.0.0.10.in-addr.arpa. IN PTR
On Fri, Feb 20, 2026 at 8:19 AM Tatsuya Jinmei via dns-operations <
[email protected]> wrote:
>
>
>
> ---------- Forwarded message ----------
> From: Tatsuya Jinmei <[email protected]>
> To: "[email protected]" <[email protected]>
> Cc:
> Bcc:
> Date: Fri, 20 Feb 2026 07:07:47 +0000
> Subject: 1.1.1.1 omits EDNS OPT RR when serving "locally served zones"
> Hi dns-operators,
>
> I've recently noticed that 1.1.1.1 omits EDNS OPT RR in its response to
> certain queries, e.g.:
>
> % dig @1.1.1.1 1.0.0.10.in-addr.arpa ptr +edns
>
> ; <<>> DiG 9.18.20 <<>> @1.1.1.1 1.0.0.10.in-addr.arpa ptr +edns
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61776
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;1.0.0.10.in-addr.arpa. IN PTR
>
> ;; Query time: 2 msec
> ;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
> ;; WHEN: Thu Feb 19 22:51:21 PST 2026
> ;; MSG SIZE rcvd: 39
>
> (It also omits SOA in the authority section). It includes OPT RR (and
> SOA in the case of NXDOMAIN) for other cases like x.root-servers.net
> (resulting in NXDOMAIN) or 4.0.41.198.in-addr.arpa/PTR.
>
> After trying various queries, it looks like this happens when the
> query name is listed in RFC6303.
>
> Is this a known behavior (I couldn't find any report on the net, thus
> asking here)? And, does anyone know the rationale of this behavior?
>
> Thanks,
>
> --
> jinmei
>
>
>
> ---------- Forwarded message ----------
> From: Tatsuya Jinmei via dns-operations <[email protected]>
> To: "[email protected]" <[email protected]>
> Cc:
> Bcc:
> Date: Fri, 20 Feb 2026 07:07:47 +0000
> Subject: [dns-operations] 1.1.1.1 omits EDNS OPT RR when serving "locally
> served zones"
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
--
*Hunts Chen* | Systems Engineer
[email protected]
cell: +1 (626) 898-0153 <+16268980153>
Kirkland, WA
<https://www.cloudflare.com/>
1 888 99 FLARE | www.cloudflare.com
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
