mirror of
https://github.com/hickory-dns/hickory-dns.git
synced 2026-04-25 11:15:54 +03:00
[GH-ISSUE #2095] Querying a non-existant record doesn't return NoRecordsFound with DNSSEC validation turned on. #883
Labels
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/hickory-dns#883
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @teythoon on GitHub (Nov 22, 2023).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2095
Describe the bug
Querying a non-existant domain returns NoRecordsFound, but when I turn on DNSSEC validation, a different, free-form protocol error is returned. It'd be nice to return NoRecordsFound so that we can robustly match on that.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
In contrast, when I disable DNSSEC validation and do the same query, I get:
A clear and concise description of what you expected to happen.
System:
Version:
Crate: hickory-{client,server,resolver}
Version: 0.24.0
@bluejekyll commented on GitHub (Nov 26, 2023):
I'm doing a fairly big change to how DNSSEC is evaluated in this PR: #2084, which I think should resolve this issue, if I understand it correctly. Rather than returning an error, we're going to return records in all cases and associate a proof with the value.