Return NODATA instead of NXDOMAIN for missing record types (#1668)

The DNS responder was setting RCODE=NXDOMAIN (Name Error) any time the answer section was empty, including for names that exist in the lighthouse but lack a record of the requested type (e.g. an AAAA query for a v4-only host). Per RFC 2308 §2.1, NXDOMAIN means "the domain referred to by the QNAME does not exist", and per RFC 2308 §2.2 a name that exists with no record of the requested type must be answered with RCODE=NOERROR and an empty answer section (NODATA). The practical fallout: busybox ping in Alpine issues AAAA first, treats NXDOMAIN as a hard failure, and never falls through to A. Returning NODATA lets the resolver continue to the A query as it should. Track whether any queried A/AAAA name is known in either map and only set RcodeNameError when no queried name exists at all.
2026-05-16 04:47:38 +02:00 · 2026-04-21 16:32:48 -04:00
parent 8c50fc3f60
commit 32a7c04498
2 changed files with 47 additions and 8 deletions
--- a/dns_server_test.go
+++ b/dns_server_test.go
@@ -33,18 +33,43 @@ func TestParsequery(t *testing.T) {
 		netip.MustParseAddr("fd01::25"),
 	}
 	ds.Add("test.com.com", addrs)
+	ds.Add("v4only.com.com", []netip.Addr{netip.MustParseAddr("1.2.3.6")})
+	ds.Add("v6only.com.com", []netip.Addr{netip.MustParseAddr("fd01::26")})

 	m := &dns.Msg{}
 	m.SetQuestion("test.com.com", dns.TypeA)
 	ds.parseQuery(m, nil)
 	assert.NotNil(t, m.Answer)
 	assert.Equal(t, "1.2.3.4", m.Answer[0].(*dns.A).A.String())
+	assert.Equal(t, dns.RcodeSuccess, m.Rcode)

 	m = &dns.Msg{}
 	m.SetQuestion("test.com.com", dns.TypeAAAA)
 	ds.parseQuery(m, nil)
 	assert.NotNil(t, m.Answer)
 	assert.Equal(t, "fd01::24", m.Answer[0].(*dns.AAAA).AAAA.String())
+	assert.Equal(t, dns.RcodeSuccess, m.Rcode)
+
+	// A known name with no record of the requested type should return NODATA
+	// (NOERROR with empty answer), not NXDOMAIN.
+	m = &dns.Msg{}
+	m.SetQuestion("v4only.com.com", dns.TypeAAAA)
+	ds.parseQuery(m, nil)
+	assert.Empty(t, m.Answer)
+	assert.Equal(t, dns.RcodeSuccess, m.Rcode)
+
+	m = &dns.Msg{}
+	m.SetQuestion("v6only.com.com", dns.TypeA)
+	ds.parseQuery(m, nil)
+	assert.Empty(t, m.Answer)
+	assert.Equal(t, dns.RcodeSuccess, m.Rcode)
+
+	// An unknown name should still return NXDOMAIN.
+	m = &dns.Msg{}
+	m.SetQuestion("unknown.com.com", dns.TypeA)
+	ds.parseQuery(m, nil)
+	assert.Empty(t, m.Answer)
+	assert.Equal(t, dns.RcodeNameError, m.Rcode)
 }

 func Test_getDnsServerAddr(t *testing.T) {