[sdnog] DNS servfail vs nxdomain

[Daniel Shaw]

Hi Samir,

Certainly. And it's quite an important difference.

In both cases you don't get any result. Of course.

But remember that usually, you ask a caching resolver server (your ISP's or your organisation's or a public one like 8.8.8.8).

The resolver asks the authoritative name server for the given domain on your behalf.

In the case of SRVFAIL - It means either the authoritative server could not be reached, or didn't answer to DNS queries on port 53.
That is, the resolver couldn't get any reply and thus any information positive or negative about the name you are trying to resolve.
And most important, as there is no actual data, nothing is cached either. And also, the resolver may then try other alternate nameservers for the domain.

In the case of NXDOMAIN, the authoritative server actually replies, but the reply is "this domain or record does not exist".
That is, the published source of information about the domain *is* answering and informing you the data you want doesn't exist.
So what is important here is that first the resolver won't try any further. This is an authoritative and definitive answer to it's query. And second, in the case of NXDOMAIN for a specific record, it'll also cache the answer for the TTL of the parent zone. And then for that time period the resolver will continue to reply NXDOMAIN from it's cache, even if the domain or record is subsequently added at the master.

Hope that helps,
Daniel







-------- Original Message --------
Subject: [sdnog] DNS servfail vs nxdomain
Local Time: January 12, 2017 11:38 AM
UTC Time: January 12, 2017 7:38 AM
From: samir.saif at sudren.edu.sd
To: Sudan NOG <sdnog at sdnog.sd>


Hi

good day

can someone explain to me what is the difference between SERVFAIL and NXDOMAIN
and in which cases I might encounter each of them ?

Samir
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sdnog.sd/pipermail/sdnog/attachments/20170112/f3289c6e/attachment.html>