Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acme-dns returns NXDOMAIN for A records of existing subdomains rather than NOERROR with empty answer #257

Open
wiene opened this issue Feb 18, 2021 · 5 comments · May be fixed by #264
Open

acme-dns returns NXDOMAIN for A records of existing subdomains rather than NOERROR with empty answer #257

wiene opened this issue Feb 18, 2021 · 5 comments · May be fixed by #264

Comments

@wiene
Copy link

wiene commented Feb 18, 2021

If acme-dns is accidentally asked for an A record rather than a TXT record of an existing subdomain, it returns NXDOMAIN which might be cached for one day (due to SOA settings). If it is cached, the caching server keeps responding NXDOMAIN even if the initial error is corrected and the corresponding TXT record is requested.

A simple (pseudo-)reproducer is:

[user@host ~]$ host -t A f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com
Using domain server:
Name: acme-dns.example.com
Address: 1.2.3.4#53
Aliases: 

Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

[user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com
Using domain server:
Name: acme-dns.example.com
Address: 1.2.3.4#53
Aliases: 

f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com descriptive text "somestring"

[user@host ~]$ host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com        
Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

[user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com
Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

According to this blog article returning NOERROR with an empty answer would be the correct behaviour.
@Yannik
Copy link
Contributor

Yannik commented Jun 8, 2021

Can confirm this issue.

@Yannik Yannik linked a pull request Jun 9, 2021 that will close this issue
Open
@Yannik
Copy link
Contributor

Yannik commented Jun 9, 2021

I opened a PR to fix this: #264

@L3Nerd
Copy link

L3Nerd commented Dec 7, 2021

We ran into the same problem, do you need any help with the fix?

@Yannik
Copy link
Contributor

Yannik commented Dec 7, 2021

@L3Nerd My fix works perfectly fine, but @joohoi isn't really active on this project anymore and did not merge it (yet).

@Yannik
Copy link
Contributor

Yannik commented Dec 7, 2021

Feel free to use it :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix invalid nxdomain response (fixes #257) Yannik/acme-dns
3 participants
@Yannik @wiene @L3Nerd