[Pdns-users] SERVFAIL responses on malformed subdomain query

Remi Gacogne remi.gacogne at powerdns.com
Thu Oct 14 14:01:10 UTC 2021

Hi Thibaud,

On 10/14/21 15:52, Thib D via Pdns-users wrote:
> It seems like pdns auth servers are answering SERVFAIL queries when the 
> subdomain is malformed in the query. It is testable on powerdns.com 
> <http://powerdns.com> domain - which I assume is hosted on a pdns-auth 
> backend.
> [...] 
> I am not sure what is the correct answer here, but I'm only seeing this 
> on pdns-auth installations.  From the other authoritative nameservers 
> I've tested, every single one of them is answering NXDOMAIN ( isc.org 
> <http://isc.org> / knot-dns.cz <http://knot-dns.cz> / facebook.com 
> <http://facebook.com> / google.com <http://google.com> / nlnetlabs...  ) 
> in this case.

That behaviour can be configured via the 8bit-dns parameter [1], which 
default to false. It used to be an issue for some PowerDNS backends but 
my understanding is that it should be safe to turn it on nowadays.

[1]: https://doc.powerdns.com/authoritative/settings.html#bit-dns

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20211014/15227e21/attachment.sig>

More information about the Pdns-users mailing list