[Pdns-users] SERVFAIL responses on malformed subdomain query
Remi Gacogne
remi.gacogne at powerdns.com
Thu Oct 14 14:01:10 UTC 2021
Hi Thibaud,
On 10/14/21 15:52, Thib D via Pdns-users wrote:
> It seems like pdns auth servers are answering SERVFAIL queries when the
> subdomain is malformed in the query. It is testable on powerdns.com
> <http://powerdns.com> domain - which I assume is hosted on a pdns-auth
> backend.
> [...]
> I am not sure what is the correct answer here, but I'm only seeing this
> on pdns-auth installations. From the other authoritative nameservers
> I've tested, every single one of them is answering NXDOMAIN ( isc.org
> <http://isc.org> / knot-dns.cz <http://knot-dns.cz> / facebook.com
> <http://facebook.com> / google.com <http://google.com> / nlnetlabs... )
> in this case.
That behaviour can be configured via the 8bit-dns parameter [1], which
default to false. It used to be an issue for some PowerDNS backends but
my understanding is that it should be safe to turn it on nowadays.
[1]: https://doc.powerdns.com/authoritative/settings.html#bit-dns
Best regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20211014/15227e21/attachment.sig>
More information about the Pdns-users
mailing list