starred/acme-dns
1
0
Fork 0
mirror of https://github.com/acme-dns/acme-dns.git synced 2026-04-27 04:45:48 +03:00
Code Issues 178 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #257] acme-dns returns NXDOMAIN for A records of existing subdomains rather than NOERROR with empty answer #129

New issue
Open
opened 2026-03-13 15:51:39 +03:00 by kerem · 5 comments
kerem commented 2026-03-13 15:51:39 +03:00
Owner
Copy link

Originally created by @wiene on GitHub (Feb 18, 2021).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/257

If acme-dns is accidentally asked for an A record rather than a TXT record of an existing subdomain, it returns NXDOMAIN which might be cached for one day (due to SOA settings). If it is cached, the caching server keeps responding NXDOMAIN even if the initial error is corrected and the corresponding TXT record is requested.

A simple (pseudo-)reproducer is:

[user@host ~]$ host -t A f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com
Using domain server:
Name: acme-dns.example.com
Address: 1.2.3.4#53
Aliases: 

Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

[user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com
Using domain server:
Name: acme-dns.example.com
Address: 1.2.3.4#53
Aliases: 

f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com descriptive text "somestring"

[user@host ~]$ host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com        
Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

[user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com
Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN)

According to this blog article returning NOERROR with an empty answer would be the correct behaviour.

Originally created by @wiene on GitHub (Feb 18, 2021). Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/257 If acme-dns is accidentally asked for an A record rather than a TXT record of an existing subdomain, it returns NXDOMAIN which might be cached for one day (due to SOA settings). If it is cached, the caching server keeps responding NXDOMAIN even if the initial error is corrected and the corresponding TXT record is requested. A simple (pseudo-)reproducer is: ``` [user@host ~]$ host -t A f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com Using domain server: Name: acme-dns.example.com Address: 1.2.3.4#53 Aliases: Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN) [user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com acme-dns.example.com Using domain server: Name: acme-dns.example.com Address: 1.2.3.4#53 Aliases: f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com descriptive text "somestring" [user@host ~]$ host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN) [user@host ~]$ host -t TXT f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com Host f47eea99-06c9-4a60-8134-7beac011e27f.acme.example.com not found: 3(NXDOMAIN) ``` According to this [blog article](https://prefetch.net/blog/2016/09/28/the-subtleties-between-the-nxdomain-noerror-and-nodata-dns-response-codes) returning NOERROR with an empty answer would be the correct behaviour.
kerem commented 2026-03-13 15:51:44 +03:00
Author
Owner
Copy link

@Yannik commented on GitHub (Jun 8, 2021):

Can confirm this issue.

<!-- gh-comment-id:857072084 --> @Yannik commented on GitHub (Jun 8, 2021): Can confirm this issue.
kerem commented 2026-03-13 15:51:49 +03:00
Author
Owner
Copy link

@Yannik commented on GitHub (Jun 9, 2021):

I opened a PR to fix this: https://github.com/joohoi/acme-dns/pull/264

<!-- gh-comment-id:857617431 --> @Yannik commented on GitHub (Jun 9, 2021): I opened a PR to fix this: https://github.com/joohoi/acme-dns/pull/264
kerem commented 2026-03-13 15:51:55 +03:00
Author
Owner
Copy link

@L3Nerd commented on GitHub (Dec 7, 2021):

We ran into the same problem, do you need any help with the fix?

<!-- gh-comment-id:988102845 --> @L3Nerd commented on GitHub (Dec 7, 2021): We ran into the same problem, do you need any help with the fix?
kerem commented 2026-03-13 15:52:00 +03:00
Author
Owner
Copy link

@Yannik commented on GitHub (Dec 7, 2021):

@L3Nerd My fix works perfectly fine, but @joohoi isn't really active on this project anymore and did not merge it (yet).

<!-- gh-comment-id:988103730 --> @Yannik commented on GitHub (Dec 7, 2021): @L3Nerd My fix works perfectly fine, but @joohoi isn't really active on this project anymore and did not merge it (yet).
kerem commented 2026-03-13 15:52:05 +03:00
Author
Owner
Copy link

@Yannik commented on GitHub (Dec 7, 2021):

Feel free to use it :-)

<!-- gh-comment-id:988103876 --> @Yannik commented on GitHub (Dec 7, 2021): Feel free to use it :-)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix_dockerhub
dockerhub
readme2.0
goreleaser_action
refactoring
linter_update_config
update_deps_122
dependabot/go_modules/github.com/valyala/fasthttp-1.34.0
deps_bump
update_goreleaser
update_golint
deps_update
update_dockerfile
v2.0.2
v2.0.1
v2.0
v1.1
v1.0
v0.8
v0.7.2
v0.7.1
v0.7
v0.6
v0.5
v0.4
v0.3.2
v0.3.1
v0.3
v0.2
v0.1
Labels
Clear labels   
Documentation

   
Documentation

   
bug

   
enhancement

   
feature request

   
feature request

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
security

   
security

   
testing
No labels
Documentation
Documentation
bug
enhancement
feature request
feature request
help wanted
pull-request
question
security
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/acme-dns#129
No description provided.