DNS SOA record - MNAME is empty (just a zero byte)
Short Question
Is an empty MNAME valid at all? Can it ultimately impact clients, like Windows PCs or smartphones?
My situation
I'm debugging an issue where resolving a host name in an Android app sometimes gets stuck in a native call to the standard Android Bionic function for resolving host names. The call sometimes returns after a few seconds, sometimes after e.g. 15 minutes (!). However, when calling the native function right before it's being called from Java, with a specific request to only resolve the IPv4 address of the host name, the call returns immediately. If then calling the function again and requesting the IPv6 address of the host name, it gets stuck. So it must be DNS IPv6 related.
I've Wireshark'ed and dig'ed a bit, host name and IP addresses are replaced with dummies in the following.
IPv4 dig
This is a standard response:
$ dig sub.domain.de -t A
; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> domain.de -t A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sub.domain.de. IN A
;; ANSWER SECTION:
domain.de. 5771 IN A 111.111.111.111
;; AUTHORITY SECTION:
. 8267 IN NS i.root-servers.net.
. 8267 IN NS c.root-servers.net.
. [...]
;; Query time: 3 msec
;; SERVER: 172.16.0.90#53(172.16.0.90)
;; WHEN: Wed Feb 24 16:02:52 CET 2021
;; MSG SIZE rcvd: 283
IPv6 dig
The IPv6 response doesn't contain an answer, as there doesn't seem to be an IPv6 address assigned to the host name. However, it contains an SOA record with the MNAME being set to a zero byte.
$ dig sub.domain.de -t AAAA
; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> sub.domain.de -t AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27732
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sub.domain.de. IN AAAA
;; AUTHORITY SECTION:
domain.de. 599 IN SOA . admin.domain.de. 2021022401 10800 3600 604800 600
;; Query time: 29 msec
;; SERVER: 172.16.0.90#53(172.16.0.90)
;; WHEN: Wed Feb 24 15:57:07 CET 2021
;; MSG SIZE rcvd: 102
The above dig depicts the MNAME as a dot '.', but when inspecting the Wireshark response I can see that the MNAME field is just a zero byte.
Long Questions
- Is an empty MNAME field valid at all? RIPE NCC Recommendations for DNS SOA Values says: "The DNS specification explicitly states that the primary master server be named here. The value must be determined and used. [...]"
- Is it possible that the Android DNS resolver gets confused by this, desperately trying to resolve the host name against a primary name server with undefined name?
- Is an RCODE of NOERROR legitimate for a host name for which no IPv6 address is specified? Shouldn't that be NXDOMAIN, since the host name doesn't exist in the IPv6 sphere? Or is that response perfectly valid?
- It's a technically possible value for the field, but as you noted it's not really valid in the sense that
.
isn't actually the name of a nameserver. - Unlikely, as the
SOA
MNAME
isn't really used for normal lookups. While theNS
records are crucial for finding nameservers in the normal lookup process, theSOA
MNAME
is only used in some specific cases where it matters which server is the "master" (like some defaults for NOTIFY and UPDATE messages). - Yes.
NOERROR
+SOA
in the authority section is what is called aNODATA
response. It's a negative response that just says that the requested record type does not exist at that name, unlikeNXDOMAIN
which says that the name doesn't exist at all.