Ticket #213 (reopened defect)
PowerDNS has a bogus concept of `valid DNS names' that gets in the way of correct answers for legitimate queries
|Reported by:||anon||Owned by:||ahu|
Quoth RFC 1035, Section 3.1 Name space definitions: Although labels can contain any 8 bit values in octets that make up a label, it is strongly recommended that labels follow the preferred syntax described elsewhere in this memo, which is compatible with existing host naming conventions.
When I query a PowerDNS server for a name in a zone for which it is not authoritative, if that name contains any octets whose US-ASCII interpretations are neither alphanumeric, dot, hyphen, underscore, slash, nor at-sign, then the PowerDNS server immediately returns a SERVFAIL response, rather than usefully returning NS records for the zone. This makes legitimate queries fail unless the agent performing the queries knows ahead of time what server is actually authoritative for the zone.
The culprit, I believe, is packethandler.cc's validDNSName, and its use in questionOrRecurse. Anything that accidentally relies on the conditions of validDNSName, especially on names in zones for which the PowerDNS server is not authoritative, should be fixed, and questionOrRecurse should not respond with SERVFAIL.