No technology is perfect, and PowerDNS believes that working with skilled
security researchers across the globe is crucial in identifying weaknesses in
any technology. If you believe you've found a security issue in our products,
we encourage you to notify us. We welcome working with you to resolve the
Please note that our websites and infrastructures are in no way part of this program, and are explicitly out of scope.
To show our appreciation of responsible security researchers, PowerDNS offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based upon the severity of the reported vulnerability, and eligibility is at our sole discretion.
We are interested in security issues in the following products:
When reporting a vulnerability in one of the aforementioned products, please check that it exists in currently supported versions. You can check our development tree at https://github.com/PowerDNS/pdns __, but please do not report any potential security issue to the public bug tracker.
Besides our respect and attribution, PowerDNS may provide rewards to eligible
qualifying vulnerabilities. Rewards include:
PowerDNS will determine at its discretion whether a reward should be granted
amount of the reward. In particular we may choose to pay higher rewards for severe
vulnerabilities or lower rewards for vulnerabilities that are considered less severe. This is not a
contest or competition.
While researching, we'd like to ask you to refrain from:
Thank you for helping keep PowerDNS and our users safe!
Contact us if you want more information.