[Pdns-users] Force NXDOMAIN status response

Giovanni Vecchi g.vecchi at certego.net
Thu Apr 30 14:55:04 UTC 2020

Hi Brian,

auth is 4.3.0 and it reply with REFUSED for unknown zones because of that:

On Thu, 30 Apr 2020 at 16:49, Brian Candler <b.candler at pobox.com> wrote:

> On 30/04/2020 14:47, Giovanni Vecchi via Pdns-users wrote:
> is there a way to force pdns recursor to reply with NXDOMAIN instead of
> SERVFAIL in case of REFUSED replies by auth?
> The scenario is the following:
> - auth zones: good.beer and its subdomains
> - rec forward every *.good.beer query to auth
> In case clients ask for a non existent good.beer subdomain, auth will
> reply with REFUSED to rec and rec will reply with SERVFAIL to client.
> What are you running for the auth server?
> If the auth server is authoritative for good.beer, why isn't it responding
> with NXDOMAIN for a non-existent subdomain?


Giovanni Vecchi
Infrastructure Lead Engineer, Certego
<http://twitter.com/Certego_IRT>  <http://github.com/certego>
Use of the information within this document constitutes acceptance for
use in an "as is" condition. There are no warranties with regard to
this information; Certego has verified the data as thoroughly as
possible. Any use of this information lies within the user's
responsibility. In no event shall Certego be liable for any
consequences or damages, including direct, indirect, incidental,
consequential, loss of business profits or special damages, arising
out of or in connection with the use or spread of this information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20200430/14a21447/attachment.htm>

More information about the Pdns-users mailing list