Hi Andrey, On Fri, 2023-12-15 at 18:47 +0300, Andrey Sedletsky via Pdns-users wrote: > Good day! > Andrey Sedletsky, PJSC MGTS (Moscow City Telephone Network) > One of our clients contacted us with a problem about the inability to > resolve the resources of their zone through the DNS servers (pdns- > recursor) of our network (mwscdn.ru ). > In this case, the problem is of a floating nature. > If you look at the server cache, you can see negative entries for NS > servers in their zone when the resource is resolved > topf66787c7.mwscdn.ru > (at the same time, the resource itself resolves successfully):
DNSViz [1] reports that the nameservers respond NXDomain for AAAA queries. When this gets into the cache, the resolver will indeed decide that the name does not exist. This is a problem with the auhtoritative servers. They should not send NXDomain for *types* that don't exist, but a NOERROR with the SOA in the AUTHORITY section of the response. See RFC 2308 Section 1, on NODATA [2]. Good luck in solving this issue. Cheers, Pieter 1 - https://dnsviz.net/d/ns2.mwscdn.ru/ZX_27w/dnssec/ 2 - https://datatracker.ietf.org/doc/html/rfc2308 _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users