Hello Peter.
Thanks for your answer. Maybe I found the issue: mysql> select * from records where domain_id=13203; +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+ | id | domain_id | name | type | content | ttl | prio | disabled | ordername | auth | +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+ | 6309 | 13203 | . | SOA | a.misconfigured.powerdns.server hostmaster 2020032401 10800 3600 604800 3600 | 3600 | 0 | 0 | NULL | 1 | +------+-----------+------+------+------------------------------------------------------------------------------+------+------+----------+-----------+------+ 1 row in set (0.00 sec) There is an entry (probably a mistake with some API call) which shows a bad SOA entry in a domain with only a "." in the "name" column. In fact, the query for a non existent domain returns something like: # dig @my-dns-server-IP non-existent-domain ; <<>> DiG 9.11.36-RedHat-9.11.36-3.el8 <<>> @my-dns-server-IP non-existent-domain ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39797 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;non-existent-domain. IN A ;; AUTHORITY SECTION: . 3600 IN SOA a.misconfigured.powerdns.server. hostmaster. 2020032401 10800 3600 604800 3600 ;; Query time: 18 msec ;; SERVER: my-dns-server-IP#53(my-dns-server-IP) ;; WHEN: Fri Oct 28 16:08:14 CEST 2022 ;; MSG SIZE rcvd: 116 Do you think it's safe to simply remove it? update records set disabled=1 where id=6309; delete from records where id=6309; Thanks Riccardo 28/10/2022, 15:33 Peter van Dijk via Pdns-users ha scritto: > Hi Riccardo, > > > > On Fri, 2022-10-28 at 09:11 +0000, Riccardo Brunetti via Pdns-users > > wrote: > > > Hello. > > > We have a powerdns server which is authoritative for some zones, let's > > > say zoneA and zoneB > > > If we send a dns query for a zoneC we get NXDOMAIN answer instead of > > > REFUSED. > > > > > > Is this the correct behavior or we are making some configuration > > > mistake? > > > pdns version: 4.5.2 > > > > That is not correct behaviour, so it sounds like a configuration (or > > database content) mistake. > > > > Can you show (unedited!) dig output for the good and the bad queries? > > > > Kind regards, > > -- > > Peter van Dijk > > PowerDNS.COM BV - https://www.powerdns.com/ > > > > _______________________________________________ > > Pdns-users mailing list > > Pdns-users@mailman.powerdns.com > > https://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users