[Pdns-users] unwanted SERVFAIL with bind backend

Aki Tuomi cmouse at youzen.ext.b2.fi
Thu Jun 27 17:21:19 UTC 2013

On Thu, Jun 27, 2013 at 03:03:51PM +0200, Matthias Leopold wrote:
> hi,
> i'm using powerdns authoritative nameserver on debian 5
> with bind backend. the server is configured to give authoritative
> answers only, does no recursion. when i query for unconfigured
> domains i get 'SERVFAIL', on a similar real bind 9 server i get
> 'REFUSED'. austrian top level domain registry nic.at requires
> 'REFUSED' or 'NXDOMAIN' for such queries. how do i do this with
> powerdns? which of my config options do you need?
> thx for help
> matthias


First of all, might I suggest you upgrade to at least due to some
nasty bugs in your version, or better yet, 3.2. (or 3.3 as it comes out
very soon). 3.2 can be run with your current installation, as long as you 
do not enable dnssec, and make sure that you look at the possible changes
in configuration.

3.2 will reply with 'NOERROR' for any non-existing domain, and I am not aware
how to change this, spare altering the code. sending REFUSED is ok, but 
replying with NXDOMAIN is basically claiming that "yeah, i am sure this does
not exists anywhere". 

Aki Tuomi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130627/b899a057/attachment-0001.sig>

More information about the Pdns-users mailing list