mirror of
https://github.com/slackhq/nebula.git
synced 2026-05-16 04:47:38 +02:00
32a7c04498
The DNS responder was setting RCODE=NXDOMAIN (Name Error) any time the answer section was empty, including for names that exist in the lighthouse but lack a record of the requested type (e.g. an AAAA query for a v4-only host). Per RFC 2308 §2.1, NXDOMAIN means "the domain referred to by the QNAME does not exist", and per RFC 2308 §2.2 a name that exists with no record of the requested type must be answered with RCODE=NOERROR and an empty answer section (NODATA). The practical fallout: busybox ping in Alpine issues AAAA first, treats NXDOMAIN as a hard failure, and never falls through to A. Returning NODATA lets the resolver continue to the A query as it should. Track whether any queried A/AAAA name is known in either map and only set RcodeNameError when no queried name exists at all.
9.6 KiB
9.6 KiB