Please keep replies on the list...

On 2025-05-21 at 14:16:09 UTC-0400 (Wed, 21 May 2025 18:16:09 +0000)
Rupert Gallagher <r...@protonmail.com>
is rumored to have said:

>> rep.mailspike.net is not even supposed to be a nameserver. I don't see why 
>> you think it should have an A record
>
> NXDOMAIN is the legitimate DNS answer for a non-existent domain.

Unless your resolver is broken, there's no NXDOMAIN for rep.mailspike.net, but 
rather a NOERROR:

        $ dig rep.mailspike.net

        ; <<>> DiG 9.20.6 <<>> rep.mailspike.net
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16558
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 1232
        ;; QUESTION SECTION:
        ;rep.mailspike.net.             IN      A

        ;; Query time: 343 msec
        ;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
        ;; WHEN: Wed May 21 19:21:21 UTC 2025
        ;; MSG SIZE  rcvd: 46


NOERROR with zero answer means that there's some record for rep.mailspike.net, 
just no A record.

> The problem with some DNSxLs is that they respond NXDOMAIN when the query is 
> negative / they have no information on a given IP.

That's the correct reply if they have no entry for the IP. I don't see how it 
is a "problem."

> This makes it impossible to tell whether they are out of service, because 
> they return NXDOMAIN on the server itself.

There's an RFC defining operational flags and other DNSBL best practices. See 
https://datatracker.ietf.org/doc/html/rfc6471#section-3.3 for specifics.

I do not know of ANY DNSBLs that have an A record for the root domain of the 
list. It would serve no purpose in most cases.


-- 
Bill Cole
