NXDOMAIN weirdness

Noticed some strange DNS behavior today on my 'node in Newark. If I try to resolve a nonexistent hostname that is a subdomain of anything in the root zone, it searches under .members.linode.com:

$ host nonexistent-example.com
Host nonexistent-example.com.members.linode.com not found: 5(REFUSED)

If I try to resolve a bogus hostname that's not in the root zone hierarchy, I get an NXDOMAIN, as it should be.

$ host steve.jobs
Host steve.jobs.members.linode.com not found: 5(REFUSED)
$ host bill.gates
Host bill.gates not found: 3(NXDOMAIN)

My /etc/resolv.conf:

domain members.linode.com
search members.linode.com
nameserver 97.107.133.4
nameserver 207.192.69.4
nameserver 207.192.69.5

I definitely used to get all NXDOMAINs for these types of queries on this box. Any ideas?

4 Replies

When you look up a non-fully qualified domain name (i.e., one that doesn't end in "."), and it doesn't exist, the resolver then tries looking up ".". For some reason, Linode's recursive nameservers return REFUSED for things like com.members.linode.com. 'host' thinks that's weird, so it returns an error.

'host' is doing the .members.linode.com. lookup for "bill.gates", too; it just doesn't tell you about it because it received an ordinary NXDOMAIN.

@mnordhoff:

> For some reason, Linode's recursive nameservers return REFUSED for things like com.members.linode.com. 'host' thinks that's weird, so it returns an error.

OK, so that's what changed. The resolvers in the other Linode datacenters I have access to don't seem to be refusing those queries. Weird. Is this just Newark? Any way to fix this behavior, other than not using the linode search domain in resolv.conf?

I wonder why the resolvers are only refusing those queries where the most significant level under members.linode.com is in the root zone. I can't think of a good reason for it.

If it only happens in Newark, I'd raise a ticket and ask support.

I can confirm the odd behaviour in Dallas. And so can you – the US recursive nameservers are open to any US node. (London is not, for some reason.)

I'm not filing a ticket about it, though.
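Added example, not part of the thread and not Linode's or BIND's code: a Python model of the search-list expansion the replies describe, run against the resolv.conf from the first post. The `fake_rcode` responder and its `REFUSED_LABELS` set are constructed stand-ins that mirror the REFUSED/NXDOMAIN pattern reported above, and the reporting rule in `lookup_report` is an assumption based on the first reply's description of `host`.

```python
# Added example: models resolv.conf search-list expansion; not code from the thread.
RESOLV_CONF = """\
domain members.linode.com
search members.linode.com
nameserver 97.107.133.4
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); 'domain' and 'search' are mutually
    exclusive and the last one seen wins (resolv.conf(5))."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "domain" and len(fields) > 1:
            search = [fields[1]]
        elif fields[0] == "search":
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[6:])
    return search, ndots

def candidates(name, search, ndots=1):
    """Fully qualified names in the order the stub resolver tries them."""
    if name.endswith("."):  # trailing dot: absolute name, search list skipped
        return [name]
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    absolute = [name + "."]
    return absolute + suffixed if name.count(".") >= ndots else suffixed + absolute

# Constructed responder: REFUSED when the label directly under the search
# domain is one of these (the pattern reported in the thread), else NXDOMAIN.
SUFFIX = ".members.linode.com."
REFUSED_LABELS = {"com", "jobs"}

def fake_rcode(fqdn):
    if fqdn.endswith(SUFFIX) and fqdn[:-len(SUFFIX)].split(".")[-1] in REFUSED_LABELS:
        return "REFUSED"
    return "NXDOMAIN"

def lookup_report(name, conf=RESOLV_CONF):
    """Return (queries tried with rcodes, (name, rcode) reported to the user)."""
    search, ndots = parse_resolv_conf(conf)
    tried = [(c, fake_rcode(c)) for c in candidates(name, search, ndots)]
    odd = [(c, r) for c, r in tried if r != "NXDOMAIN"]
    return tried, (odd[-1] if odd else (name, "NXDOMAIN"))
```

Calling `lookup_report("steve.jobs")` shows the search-suffixed query being sent and its REFUSED surfacing, while `lookup_report("steve.jobs.")` with the trailing dot sends only the absolute name.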
