on hardened profile pdnsd is compiled by default with ipv6 flag now.
This causes that pdnsd resolver cannot bind to socket or something :(

there are logs:

marcin@devserver ~ $ sudo pdnsd -g
* 08/13 17:12:55| pdnsd: info: pdnsd-1.2.8-par starting.
- 08/13 17:12:55| Debug messages activated
- 08/13 17:12:55| Using IPv6.
- 08/13 17:12:55| performing uptest (type=if) for ::ffff:213.156.98.141
- 08/13 17:12:55| result of uptest for ::ffff:213.156.98.141: OK
- 08/13 17:12:55| All threads started successfully.
1 08/13 17:12:57| Received query.
1 08/13 17:12:57| Questions are:
1 08/13 17:12:57|       qc=IN (1), qt=A (1), query="kwejk.pl."
1 08/13 17:12:57| Starting cached resolve for: kwejk.pl., query A
1 08/13 17:12:57| Trying name servers.
1 08/13 17:12:57| Sending query to ::ffff:192.168.0.254
* 08/13 17:12:57| pdnsd: warning: Could not bind to socket: Permission denied
1 08/13 17:12:57| Sending query to ::ffff:213.156.98.141
* 08/13 17:12:57| pdnsd: warning: Could not bind to socket: Permission denied
1 08/13 17:12:57| Sending query to ::ffff:150.254.173.3
* 08/13 17:12:57| pdnsd: warning: Could not bind to socket: Permission denied
1 08/13 17:12:57| No query succeeded. Returning error code "server failed"
1 08/13 17:12:57| Outbound msg len 26, tc=0, rc="server failed"
1 08/13 17:12:57| Answering to: ::ffff:127.0.0.1, source address: ::ffff:127.0.0.1
^C- 08/13 17:13:00| Signal 2 caught.
- 08/13 17:13:00| Writing cache to /var/cache/pdnsd/pdnsd.cache
- 08/13 17:13:00| Finished writing cache to disk.
* 08/13 17:13:00| pdnsd: warning: Caught signal 2. Exiting.

here is log with pdnsd run as root

devserver pdnsd # pdnsd -g
* 08/13 17:13:33| pdnsd: info: pdnsd-1.2.8-par starting.
- 08/13 17:13:33| Debug messages activated
- 08/13 17:13:33| Using IPv6.
- 08/13 17:13:33| performing uptest (type=if) for ::ffff:213.156.98.141
- 08/13 17:13:33| All threads started successfully.
- 08/13 17:13:33| result of uptest for ::ffff:213.156.98.141: OK
1 08/13 17:13:44| Received query.
1 08/13 17:13:44| Questions are:
1 08/13 17:13:44|       qc=IN (1), qt=A (1), query="dnl-01.geo.kaspersky.com."
1 08/13 17:13:44| Starting cached resolve for: dnl-01.geo.kaspersky.com., query A
1 08/13 17:13:44| Trying name servers.
1 08/13 17:13:44| Sending query to ::ffff:192.168.0.254
* 08/13 17:13:44| pdnsd: warning: Out of ports in the range 1024-65535, dropping query!
1 08/13 17:13:44| Sending query to ::ffff:213.156.98.141
* 08/13 17:13:44| pdnsd: warning: Out of ports in the range 1024-65535, dropping query!
1 08/13 17:13:44| Sending query to ::ffff:150.254.173.3
* 08/13 17:13:44| pdnsd: warning: Out of ports in the range 1024-65535, dropping query!
1 08/13 17:13:44| No query succeeded. Returning error code "server failed"
1 08/13 17:13:44| Outbound msg len 42, tc=0, rc="server failed"
1 08/13 17:13:44| Answering to: ::ffff:192.168.1.33, source address: ::ffff:192.168.1.254
^C- 08/13 17:13:46| Signal 2 caught.
- 08/13 17:13:46| Writing cache to /var/cache/pdnsd/pdnsd.cache
- 08/13 17:13:46| Finished writing cache to disk.
* 08/13 17:13:46| pdnsd: warning: Caught signal 2. Exiting.


Reproducible: Always

Steps to Reproduce:
1. compile pdnsd-1.2.8-r4 with ipv6 flag
2. run pdnsd -g with default config
3.
Actual Results:  
devserver pdnsd # host www.wp.pl. 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

Host www.wp.pl not found: 2(SERVFAIL)


Expected Results:  

host www.wp.pl. 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.wp.pl has address 212.77.100.101