Hello Chris sorry for late reply >> The reason for this is that Google makes a DS request for the domain before >> each request, but the powerdns in version 4.1 gives wrong answer for unsigned >> domains. > > Indeed it does, however it does so only for DS. 8.8.8.8 is known to > early-SERVFAIL the DS query in such a case; however it has not been > observed to SERVFAIL for other queries for the same zone. > >> In the upstream, this is fixed for version 4.2 - >> https://github.com/PowerDNS/pdns/pull/6923. > > After talking to upstream about this, it is more likely that your > zone has other problems that make 8.8.8.8 SERVFAIL. > Can you post a full reproduction scenario?
I could not reproduce this error today. But today I was able to find messages about similar problems: please look at https://groups.google.com/forum/#!topic/public-dns-discuss/jU2HcViB9zY and https://docs.google.com/document/d/1Bn2rmuWvHzIDnLz2Ag6DSSJHFWl69ASIUzpjxBUYE5Y/edit I think Google has changed the behavior of the resolver. Nevertheless, I hope that powerdns in a Buster will handle correctly queries for DS records. -- wbr, Andrey Lyubimets
