[Pdns-users] Question about behavior when settings invalid IP in domain A record

[Kevin P. Fleming]

On Wed, Jul 31, 2024, at 17:22, Jorge Bastos via Pdns-users wrote:
> Hi Brian,
> 
> On 2024-07-27 11:13, Brian Candler via Pdns-users wrote:
> 
>> On 27/07/2024 10:07, Jan-Piet Mens via Pdns-users wrote:
>>>> DOMANIN.TLD IN A 185.99.65.7777
>>> 
>>> interesting IP address.
>> Indeed.  The OP emphasised that this is literally the invalid IP address they put in. If the first three octets are correct then the prefix belongs to a Czech internet exchange.
>> 
>> I think the point was, how is PowerDNS expected to handle malformed IP addresses? But without knowing the actual domain, we can't tell why they started to get NXDOMAIN as the OP claimed, and not (for example) SERVFAIL or NOERROR.
>> 
>> I guess if they've already changed it and the problem has gone away, there's nothing to be learned now.
>> 
> 
> yes, the invalid IP was on purpose, to disable the access to the domain's website.
> The point is, should pdns return SERVFAIL for ALL records because i inserted an invalid IP ADDRR in the domain's A record ?
> Shouldn't pdns just return the IP as it was inserted?
> 

An 'A' RR is DNS is not just a database entry which can contain anything at all; it has a defined format and valid values. It should not be surprising to hear that PowerDNS Auth treated the entire zone as invalid when it found an invalid A record value in the zone. There's a very good chance that it is not actually possible for it to return '185.99.65.7777' in a response to a query for an A record, since there are only 32 bits in the RDATA field for records of type 'A'.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20240731/8c8a3506/attachment.htm>