Ticket #213 (reopened defect)

Opened 4 years ago

Last modified 5 months ago

PowerDNS has a bogus concept of `valid DNS names' that gets in the way of correct answers for legitimate queries

Reported by: anon
Owned by: ahu
Priority: low
Milestone:
Component: auth
Version: 3.2
Severity: normal
Keywords:
Cc:

Description

Quoth RFC 1035, Section 3.1 Name space definitions: "Although labels can contain any 8 bit values in octets that make up a label, it is strongly recommended that labels follow the preferred syntax described elsewhere in this memo, which is compatible with existing host naming conventions."

When I query a PowerDNS server for a name in a zone for which it is not authoritative, if that name contains any octets whose US-ASCII interpretations are neither alphanumeric, dot, hyphen, underscore, slash, nor at-sign, then the PowerDNS server immediately returns a SERVFAIL response, rather than usefully returning NS records for the zone. This makes legitimate queries fail unless the agent performing the queries knows ahead of time what server is actually authoritative for the zone.

The culprit, I believe, is packethandler.cc's validDNSName, and its use in questionOrRecurse. Anything that accidentally relies on the conditions of validDNSName, especially on names in zones for which the PowerDNS server is not authoritative, should be fixed, and questionOrRecurse should not respond with SERVFAIL.

Change History

Changed 3 years ago by ahu

  • owner changed from somebody to ahu
  • component changed from component1 to auth

Changed 3 years ago by ahu

  • status changed from new to closed
  • resolution set to duplicate

Duplicate of 118.

Changed 20 months ago by anon

  • status changed from closed to reopened
  • resolution duplicate deleted

Hey guys, this is still an issue, and there doesn't seem to be a duplicate of #118.

Our product uses DNS to query a back-end database and PowerDNS is dropping queries that should be legit.

The query is:

0.mi.adinterax.com_-.js_-.yahoohouse,Messenger_IMREC_-.Messenger_-.YMessenger_international-calls300x250_062911,C=Messenge_-0.r,P=Yahoo_-.ad-iframe.js.28a2.un-ddcd5741e02ee772.u.l.esoft.com

I agree with the original reporter that the function validDNSName used to determine whether a domain is valid or not isn't really broad enough.

I hate to reopen the bug but I can't find the ticket this is supposed to duplicate.
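
The gap between the character filter the description attributes to validDNSName and the structural limits RFC 1035 actually sets, as an added example that is neither PowerDNS source nor part of the ticket. The function names `firstRejectedOctet` and `rfc1035Structural` are hypothetical, the accepted character set is taken from the description, and names are assumed to contain no backslash escapes.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Constructed input: the query name quoted in the comment above.
const std::string kTicketQuery =
    "0.mi.adinterax.com_-.js_-.yahoohouse,Messenger_IMREC_-.Messenger_-."
    "YMessenger_international-calls300x250_062911,C=Messenge_-0.r,P=Yahoo_-."
    "ad-iframe.js.28a2.un-ddcd5741e02ee772.u.l.esoft.com";

// Hypothetical model of the filter the description attributes to
// validDNSName: ASCII alphanumerics and . - _ / @ pass. Returns the index
// of the first octet outside that set, or -1 if every octet is accepted.
int firstRejectedOctet(const std::string& name) {
    for (std::size_t i = 0; i < name.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(name[i]);
        bool alnum = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
                     (c >= 'A' && c <= 'Z');
        if (!alnum && c != '.' && c != '-' && c != '_' && c != '/' && c != '@')
            return static_cast<int>(i);
    }
    return -1;
}

// RFC 1035 structural limits only: every label is 1..63 octets and the name
// is at most 255 octets in wire form (one length octet per label plus the
// root). Octet values are not restricted. Assumes every '.' is a separator.
bool rfc1035Structural(std::string name) {
    if (!name.empty() && name.back() == '.') name.pop_back();  // trailing root dot
    if (name.empty()) return true;                             // the root itself
    std::size_t wire = 1, start = 0;                           // 1 = root length octet
    for (;;) {
        std::size_t dot = name.find('.', start);
        std::size_t end = (dot == std::string::npos) ? name.size() : dot;
        std::size_t len = end - start;
        if (len == 0 || len > 63) return false;                // empty or oversized label
        wire += 1 + len;
        if (dot == std::string::npos) break;
        start = dot + 1;
    }
    return wire <= 255;
}

int main() {
    std::cout << "filter rejects at octet " << firstRejectedOctet(kTicketQuery)
              << ", RFC 1035 structure ok: " << std::boolalpha
              << rfc1035Structural(kTicketQuery) << "\n";
}
```

The comma after `yahoohouse` is the first octet the modelled filter rejects, while the name stays within the RFC 1035 label and name length limits.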

Changed 20 months ago by anon

Ahh, I think this was supposed to be marked a duplicate of #113, but I don't think it really is. That ticket is much larger in scope than this one.

Thanks.

Changed 13 months ago by peter

  • version set to 3.1

Changed 8 months ago by ahu

  • priority changed from normal to low

Changed 5 months ago by peter

  • version changed from 3.1 to 3.2