Bob Halley (maintainer of dnspython) provided the following answer. It's not a bug. I should use dns.query.udp()
instead.
You should probably use dns.query.udp() if you're querying an authoritative server. dns.resolver.Resolver's query is meant to go to a recursive server. From the resolver's standpoint, NoAnswer is the right thing to raise because the response is a delegation and not "the answer".
$ dig @192.48.79.30 stackoverflow.com. ns
; <<>> DiG 9.8.3-P1 <<>> @192.48.79.30 stackoverflow.com. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31192
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;stackoverflow.com. IN NS
;; AUTHORITY SECTION:
stackoverflow.com. 172800 IN NS ns1.serverfault.com.
stackoverflow.com. 172800 IN NS ns2.serverfault.com.
;; ADDITIONAL SECTION:
ns1.serverfault.com. 172800 IN A 198.252.206.80
ns2.serverfault.com. 172800 IN A 198.252.206.81
;; Query time: 293 msec
;; SERVER: 192.48.79.30#53(192.48.79.30)
;; WHEN: Sat Dec 7 15:48:48 2013
;; MSG SIZE rcvd: 115