dnspython raises NoAnswer in spite of query answer

Question

When I use dnspython to query an authoritative name server for NS records, it raises a NoAnswer exception, despite the fact that my packet capture shows that a proper response was received.

Example: ask j.gtld-servers.net (192.48.79.30) for NS records for stackoverflow.com

>>> import dns.resolver
>>> r = dns.resolver.Resolver()
>>> r.nameservers = ['192.48.79.30']
>>> for answer in r.query('stackoverflow.com', 'NS'):
...     print answer.to_text()
... 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 905, in query
    raise_on_no_answer)
  File "/usr/local/lib/python2.7/dist-packages/dns/resolver.py", line 142, in __init__
    raise NoAnswer
dns.resolver.NoAnswer
>>>

Wireshark shows that an answer did, in fact, come back:

Frame 2: 157 bytes on wire (1256 bits), 157 bytes captured (1256 bits)
Ethernet II, Src: xxxxxxxxxxxxxx (xx:xx:xx:xx:xx:xx), Dst: xxxxxxxxxxxxx (xx:xx:xx:xx:xx:xx)
Internet Protocol Version 4, Src: 192.48.79.30 (192.48.79.30), Dst: xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55100 (55100)
Domain Name System (response)
    [Request In: 1]
    [Time: 0.278279000 seconds]
    Transaction ID: 0xb6f5
    Flags: 0x8100 (Standard query response, No error)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 2
    Additional RRs: 2
    Queries
    Authoritative nameservers
        stackoverflow.com: type NS, class IN, ns ns1.serverfault.com
        stackoverflow.com: type NS, class IN, ns ns2.serverfault.com
    Additional records
        ns1.serverfault.com: type A, class IN, addr 198.252.206.80
        ns2.serverfault.com: type A, class IN, addr 198.252.206.81

A query with dig @192.48.79.30 stackoverflow.com ns succeeds and provides the same answer shown in the packet capture above.

Interestingly, host -t NS stackoverflow.com 192.48.79.30 fails with a response "stackoverflow.com has no NS record" and in that case the packet capture, once again, shows that a response is being received.

Why isn't dnspython properly processing the response to this query?

Answer 1

Bob Halley (maintainer of dnspython) provided the following answer. It's not a bug. I should use dns.query.udp() instead.

You should probably use dns.query.udp() if you're querying an authoritative server. dns.resolver.Resolver's query is meant to go to a recursive server. From the resolver's standpoint, NoAnswer is the right thing to raise because the response is a delegation and not "the answer".

$ dig @192.48.79.30 stackoverflow.com. ns

; <<>> DiG 9.8.3-P1 <<>> @192.48.79.30 stackoverflow.com. ns
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31192
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;stackoverflow.com. IN  NS

;; AUTHORITY SECTION:
stackoverflow.com.  172800  IN  NS  ns1.serverfault.com.
stackoverflow.com.  172800  IN  NS  ns2.serverfault.com.

;; ADDITIONAL SECTION:
ns1.serverfault.com.    172800  IN  A   198.252.206.80
ns2.serverfault.com.    172800  IN  A   198.252.206.81

;; Query time: 293 msec
;; SERVER: 192.48.79.30#53(192.48.79.30)
;; WHEN: Sat Dec  7 15:48:48 2013
;; MSG SIZE  rcvd: 115