Problem
The Query Logs (PostgreSQL) app throws Npgsql.PostgresException (22021) when attempting to bulk-insert DNS query logs that contain null bytes (0x00) in string fields. PostgreSQL's text type rejects embedded null bytes, causing the entire batch insert to fail.
Error Log
[2026-07-17 16:57:47 Local] DNS App [Query Logs (PostgreSQL)]:
Npgsql.PostgresException (0x80004005): 22021: invalid byte sequence for encoding "UTF8": 0x00
at QueryLogsPostgreSql.App.BulkInsertLogsAsync(List`1 logs, StringBuilder sb) in ...\App.cs:line 333
Exception data:
Severity: ERROR
SqlState: 22021
MessageText: invalid byte sequence for encoding "UTF8": 0x00
Where: unnamed portal parameter $8
The error repeats for different parameter positions ($8, $30, etc.), indicating multiple fields are affected.
Environment
- Technitium DNS Server: v15.4
- App: Query Logs (PostgreSQL)
- PostgreSQL: Any version (text type behavior is standard)
Root Cause
DNS query data (QNAME, client hostnames, answer data, etc.) can legitimately contain or be poisoned with null bytes. The app passes these strings directly to Npgsql/PostgreSQL without sanitization.
Suggested Fix
Sanitize string fields before insertion by stripping or replacing null bytes.
This should be applied to all user-controlled string fields in the log batch (QNAME, client identifier, answer RDATA, etc.).
Impact
- Query logs are lost for the affected batch
- Log gaps make troubleshooting and auditing unreliable
- Repeated failures may indicate active exploitation or malformed client traffic
Problem
The Query Logs (PostgreSQL) app throws
Npgsql.PostgresException (22021)when attempting to bulk-insert DNS query logs that contain null bytes (0x00) in string fields. PostgreSQL'stexttype rejects embedded null bytes, causing the entire batch insert to fail.Error Log
The error repeats for different parameter positions (
$8,$30, etc.), indicating multiple fields are affected.Environment
Root Cause
DNS query data (QNAME, client hostnames, answer data, etc.) can legitimately contain or be poisoned with null bytes. The app passes these strings directly to Npgsql/PostgreSQL without sanitization.
Suggested Fix
Sanitize string fields before insertion by stripping or replacing null bytes.
This should be applied to all user-controlled string fields in the log batch (QNAME, client identifier, answer RDATA, etc.).
Impact