[PR #1137] [MERGED] Return REFUSED instead of NXDOMAIN when server is not an authority #2004

Closed
opened 2026-03-16 04:24:19 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/1137
Author: @AnIrishDuck
Created: 6/18/2020
Status: Merged
Merged: 6/19/2020
Merged by: @bluejekyll

Base: masterHead: master


📝 Commits (4)

  • 2e24322 Allow logger statement to work with multiple tests
  • df203bb Return Refused instead of NXDomain when not an authority for query
  • 7f9c2e9 Fix for clippy
  • 90e343b cargo fmt

📊 Changes

3 files changed (+23 additions, -5 deletions)

View changed files

📝 crates/server/src/authority/catalog.rs (+1 -1)
📝 crates/server/src/store/in_memory/authority.rs (+6 -1)
📝 crates/server/tests/authority_battery/basic.rs (+16 -3)

📄 Description

This is par for the course for most authoritative servers I could find, for example:

fmurphy@Franks-MacBook-Pro server % dig @ns1.google.com example.com                  

; <<>> DiG 9.10.6 <<>> @ns1.google.com example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10372
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

If you hop into the RFC, it seems pretty clear cut:

                3               Name Error - Meaningful only for
                                responses from an authoritative name
                                server, this code signifies that the
                                domain name referenced in the query does
                                not exist.

                5               Refused - The name server refuses to
                                perform the specified operation for
                                policy reasons.  For example, a name
                                server may not wish to provide the
                                information to the particular requester,
                                or a name server may not wish to perform
                                a particular operation (e.g., zone

I've probably missed some places, and can amend this PR as necessary.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/1137 **Author:** [@AnIrishDuck](https://github.com/AnIrishDuck) **Created:** 6/18/2020 **Status:** ✅ Merged **Merged:** 6/19/2020 **Merged by:** [@bluejekyll](https://github.com/bluejekyll) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (4) - [`2e24322`](https://github.com/hickory-dns/hickory-dns/commit/2e24322f80303a976463e7350492263b3d2197c6) Allow logger statement to work with multiple tests - [`df203bb`](https://github.com/hickory-dns/hickory-dns/commit/df203bb2858a48657e479f1356e87b9a768fb754) Return Refused instead of NXDomain when not an authority for query - [`7f9c2e9`](https://github.com/hickory-dns/hickory-dns/commit/7f9c2e917e506408d77e2be7013fbc5c6bdee8d7) Fix for clippy - [`90e343b`](https://github.com/hickory-dns/hickory-dns/commit/90e343b16ba8853ad229d4d3c9bcae27d07beebb) cargo fmt ### 📊 Changes **3 files changed** (+23 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `crates/server/src/authority/catalog.rs` (+1 -1) 📝 `crates/server/src/store/in_memory/authority.rs` (+6 -1) 📝 `crates/server/tests/authority_battery/basic.rs` (+16 -3) </details> ### 📄 Description This is par for the course for most authoritative servers I could find, for example: ``` fmurphy@Franks-MacBook-Pro server % dig @ns1.google.com example.com ; <<>> DiG 9.10.6 <<>> @ns1.google.com example.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 10372 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ``` If you hop into the [RFC](https://tools.ietf.org/html/rfc1035), it seems pretty clear cut: ``` 3 Name Error - Meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist. 5 Refused - The name server refuses to perform the specified operation for policy reasons. For example, a name server may not wish to provide the information to the particular requester, or a name server may not wish to perform a particular operation (e.g., zone ``` I've probably missed some places, and can amend this PR as necessary. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-16 04:24:19 +03:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#2004
No description provided.