Hi Thibaud, On 10/14/21 15:52, Thib D via Pdns-users wrote:
It seems like pdns auth servers are answering SERVFAIL queries when the subdomain is malformed in the query. It is testable on powerdns.com <http://powerdns.com> domain - which I assume is hosted on a pdns-auth backend. [...] I am not sure what is the correct answer here, but I'm only seeing this on pdns-auth installations. From the other authoritative nameservers I've tested, every single one of them is answering NXDOMAIN ( isc.org <http://isc.org> / knot-dns.cz <http://knot-dns.cz> / facebook.com <http://facebook.com> / google.com <http://google.com> / nlnetlabs... ) in this case.
That behaviour can be configured via the 8bit-dns parameter [1], which default to false. It used to be an issue for some PowerDNS backends but my understanding is that it should be safe to turn it on nowadays.
[1]: https://doc.powerdns.com/authoritative/settings.html#bit-dns Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
