Hello.

I think I've found a serious flaw in TP-Link DDNS service. Responses of authoritive DNS servers (ns1.tplinkdns.com and ns2.tplinkdns.com) for *.tplinkdns.com zone are incorrect in case of AAAA (IPv6) queries. I know that TP-link DDNS lacks of support for IPv6 and will not ask for adding it. But currently AAAA query to any domain in *.tplinkdns.com zone returns NXDOMAIN instead of NOERROR+NODATA. NXDOMAIN should be returned only and only if there is no domain registered at all. Returning NXDOMAIN in response to AAAA queries for registered domains violates RFC4074, section-4.2 and RFC6147, section-5.1.2. It can lead to DNS cache poisoning (especially on Windows PCs connected to ISP directly, without router), preventing further connections to TP-Link DDNS hosts.

Example:

Client performs AAAA query:

Result (NXDOMAIN, no domain exists) is cached and there will be no further attempts to perform A (IPv4) query to our host! The expected behaviour should be like following:

*192.168.100.1 is my local dnsmasq resolver, which has workarounds for incorrect NXDOMAIN responses from upstream servers.

Please kindly fix this. Thanks.

P.S. And sorry for my bad English. ;)