[Dnsmasq-discuss] wrong response code for no SRV record

/dev/rob0 rob0 at gmx.co.uk
Tue May 4 09:13:17 BST 2010


[ top-posting fixed ]

> Simon Kelley wrote:
> > I think you have mis-interpreted the way this works. NXDOMAIN 
> > means that there is no data in the DNS for the given domain. That 
> > is not what's happening here. The example line returns a valid 
> > SRV record for _ldap._tcp.example.com which happens to be empty. 
> > The "domain" refers to _ldap._tcp.example.com and not the domain 
> > which may be returned as part of the reply.
> >
> > Have you encountered real-world problems with the existing 
> > behaviour?

On Sat, May 01, 2010 at 02:59:25PM +0530, Rahul Amaram wrote:
> Well yes. I have encountered some problems with this. I am using 
> Kerberos in my company LAN. While performing kinit on my system, 
> the SRV record for _kerberos-master.udp.EXAMPLE.COM is looked up. 

Show the dig(1) results to demonstrate this. Is EXAMPLE.COM your 
company LAN domain? Does _kerberos-master.udp.EXAMPLE.COM exist in 
the form of any RR type, SRV or otherwise?

Show what Kerberos is actually looking up. Is it as you said, 
_kerberos-master.udp.EXAMPLE.COM, or is it perhaps as per the 
documented LDAP example, "_kerberos-master._udp.EXAMPLE.COM"?

> Now if an NXDOMAIN is not returned but instead the default port 1 
> with empty host is returned, the kinit command tries to further 
> resolve that empty host (which I think is replaced with <ROOT> 
> somehow) and this causes an extreme slowdown of kinit.
> 
> I think there should be some configuration option to say that an 
> NXDOMAIN should be returned for a particular SRV record. This
> would be really helpful. What are your thoughts about this?

Useless. NXDOMAIN, as Simon explained, means that there is no record 
of any RR type for the given name. If you want NXDOMAIN, define 
yourself as authoritative for any level of the parent domain[s] in 
question.
    local=/EXAMPLE.COM/
or, if you only want the SRV subdomains:
    local=/_tcp.EXAMPLE.COM/
    local=/_udp.EXAMPLE.COM/

Then, any name NOT defined under those domains will be NXDOMAIN. I 
suspect you have misdiagnosed your original issue.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
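
The three outcomes argued over in this thread (NXDOMAIN, a name that exists but has no SRV data, and an SRV answer whose target is the root name) can be told apart from the raw reply. The following is an added example, not part of the original message or of dnsmasq; the function names are hypothetical and the replies are constructed inline rather than captured from a real server.

```python
import struct

def encode_name(name):
    """Dotted name to DNS wire format, uncompressed ('.' becomes the root)."""
    labels = [l.encode("ascii") for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):                      # bound hops: no pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", end or off + 1
        if n & 0xC0 == 0xC0:                  # compression pointer
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def classify_srv_reply(msg):
    """Return 'NXDOMAIN', 'NODATA', 'SRV-ROOT-TARGET', 'SRV' or 'RCODE-n'."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0xF
    if rcode:
        return "NXDOMAIN" if rcode == 3 else "RCODE-%d" % rcode
    off = 12
    for _ in range(qd):                       # skip question section
        off = read_name(msg, off)[1] + 4      # name, then qtype + qclass
    verdict = "NODATA"                        # name exists, no SRV data
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 33:                       # SRV: prio, weight, port, target
            if read_name(msg, off + 16)[0] != ".":
                return "SRV"
            verdict = "SRV-ROOT-TARGET"       # target "." (the <ROOT> case)
        off += 10 + rdlen
    return verdict

def build_reply(qname, rcode=0, srv=None):
    """Constructed sample reply; srv = (priority, weight, port, target)."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 1 if srv else 0, 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 33, 1)
    if srv:
        rdata = struct.pack("!3H", *srv[:3]) + encode_name(srv[3])
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 33, 1, 60, len(rdata)) + rdata
    return msg
```

Feeding it the bytes of a real reply for the name the client actually queries shows which of the cases the resolver is returning.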


