Banner object (1)

Hack and Take the Cash !

684 bounties in database



No technology is perfect, and PowerDNS believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our products, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Please note that our websites and infrastructures are in no way part of this program, and are explicitly out of scope.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Bounty Program

To show our appreciation of responsible security researchers, PowerDNS offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion.


We are interested in security issues in the following products:

  • PowerDNS Authoritative Server
  • PowerDNS Recursive Server
  • dnsdist

When reporting a vulnerability in one of the aforementioned products, please check that it exists in currently supported versions. You can check our development tree at __, but please do not report any potential security issue to the public bug tracker.


Besides our respect and attribution, PowerDNS may provide rewards to eligible reporters of
qualifying vulnerabilities. Rewards include:

  • PowerDNS-Branded Clothing (T-Shirts, Polo Shirts, Hoodies).
  • Minimum reward of $100 USD for vulnerabilities we consider to be serious but of low-impact, up to a maximum of $5000 USD for the most severe vulnerabilities.

PowerDNS will determine at its discretion whether a reward should be granted and the
amount of the reward. In particular we may choose to pay higher rewards for severe
vulnerabilities or lower rewards for vulnerabilities that are considered less severe. This is not a
contest or competition.


While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of PowerDNS staff or contractors
  • Any physical attempts against PowerDNS property or data centers
  • Editing our public wiki on GitHub. Yes, we know it's a public wiki that any GitHub user can edit.

Thank you for helping keep PowerDNS and our users safe!

Hall of Fame

List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2018