Return DNS no-error with empty answer if we have a matching name

but the query is for a record type we don't support.

nameserver/dns.go

@@ -134,7 +134,7 @@ func (d *DNSServer) createMux(client *dns.Client, defaultMaxResponseSize int) *d
 
 func (h *handler) handleLocal(w dns.ResponseWriter, req *dns.Msg) {
 	h.ns.debugf("local request: %+v", *req)
-	if len(req.Question) != 1 || req.Question[0].Qtype != dns.TypeA {
+	if len(req.Question) != 1 {
 		h.nameError(w, req)
 		return
 	}
@@ -149,6 +149,10 @@ func (h *handler) handleLocal(w dns.ResponseWriter, req *dns.Msg) {
 		h.nameError(w, req)
 		return
 	}
+	// Per RFC4074, if we have an A but AAAA was requested, return 'no error' and empty answer section
+	if req.Question[0].Qtype != dns.TypeA {
+		h.respond(w, h.makeResponse(req, nil))
+	}
 
 	header := dns.RR_Header{
 		Name:   req.Question[0].Name,
@@ -204,7 +208,7 @@ func (h *handler) handleRecursive(w dns.ResponseWriter, req *dns.Msg) {
 	h.ns.debugf("recursive request: %+v", *req)
 
 	// Resolve unqualified names locally
-	if len(req.Question) == 1 && req.Question[0].Qtype == dns.TypeA {
+	if len(req.Question) == 1 {
 		hostname := dns.Fqdn(req.Question[0].Name)
 		if strings.Count(hostname, ".") == 1 {
 			h.handleLocal(w, req)

test/250_dns_negative_test.sh

@@ -7,9 +7,8 @@ start_suite "Negative DNS queries"
 weave_on $HOST1 launch
 start_container_with_dns $HOST1 --name c1
 
-# unsupported query types, unknown names, and unknown domains should
-# all trigger NXDOMAIN
-assert_raises "exec_on $HOST1 c1 dig MX c1.weave.local | grep -q 'status: NXDOMAIN'"
+# unsupported query types, unknown names, and unknown domains
+assert_raises "exec_on $HOST1 c1 dig MX c1.weave.local | grep -q 'status: NOERROR'"
 assert_raises "exec_on $HOST1 c1 dig A  xx.weave.local | grep -q 'status: NXDOMAIN'"
 assert_raises "exec_on $HOST1 c1 dig A  xx.invalid     | grep -q 'status: NXDOMAIN'"