diff --git a/llarp/dns/dns.hpp b/llarp/dns/dns.hpp
index 9aeae20a3..921b16f38 100644
--- a/llarp/dns/dns.hpp
+++ b/llarp/dns/dns.hpp
@@ -22,8 +22,9 @@ namespace llarp
     constexpr uint16_t flags_TC             = (1 << 9);
     constexpr uint16_t flags_RD             = (1 << 8);
     constexpr uint16_t flags_RA             = (1 << 7);
-    constexpr uint16_t flags_RCODENameError = (1 << 3);
-    constexpr uint16_t flags_RCODENoError   = (1 << 0);
+    constexpr uint16_t flags_RCODENameError = (3);
+    constexpr uint16_t flags_RCODEServFail  = (2);
+    constexpr uint16_t flags_RCODENoError   = (0);
 
   }  // namespace dns
 }  // namespace llarp
diff --git a/llarp/dns/message.cpp b/llarp/dns/message.cpp
index 6b6d3b230..eeede938b 100644
--- a/llarp/dns/message.cpp
+++ b/llarp/dns/message.cpp
@@ -152,6 +152,28 @@ namespace llarp
       return true;
     }
 
+    void
+    Message::AddServFail(RR_TTL_t ttl)
+    {
+      if(questions.size())
+      {
+        hdr_fields |= flags_RCODEServFail;
+        // authorative response with recursion available
+        hdr_fields |= flags_QR | flags_AA | flags_RA;
+        // don't allow recursion on this request
+        hdr_fields &= ~flags_RD;
+        answers.emplace_back();
+        const auto& question = questions[0];
+        auto& nx             = answers.back();
+        nx.rr_name           = question.qname;
+        nx.rr_type           = question.qtype;
+        nx.rr_class          = question.qclass;
+        nx.ttl               = ttl;
+        nx.rData.resize(1);
+        nx.rData.data()[0] = 0;
+      }
+    }
+
     void
     Message::AddINReply(llarp::huint32_t ip, bool isV6, RR_TTL_t ttl)
     {
diff --git a/llarp/dns/message.hpp b/llarp/dns/message.hpp
index 5015f8598..f42216d33 100644
--- a/llarp/dns/message.hpp
+++ b/llarp/dns/message.hpp
@@ -54,6 +54,9 @@ namespace llarp
       void
       AddNXReply(RR_TTL_t ttl = 1);
 
+      void
+      AddServFail(RR_TTL_t ttl = 30);
+
       void
       AddMXReply(std::string name, uint16_t priority, RR_TTL_t ttl = 1);
 
diff --git a/llarp/handlers/tun.cpp b/llarp/handlers/tun.cpp
index 4ec394256..cbb463386 100644
--- a/llarp/handlers/tun.cpp
+++ b/llarp/handlers/tun.cpp
@@ -404,9 +404,6 @@ namespace llarp
       llarp::service::Address addr;
       if(msg.questions.size() == 1)
       {
-        // always hook mx records
-        if(msg.questions[0].qtype == llarp::dns::qTypeMX)
-          return true;
         // hook random.snode
         if(msg.questions[0].qname == "random.snode"
            || msg.questions[0].qname == "random.snode.")
@@ -415,10 +412,10 @@ namespace llarp
         if(msg.questions[0].qname == "localhost.loki"
            || msg.questions[0].qname == "localhost.loki.")
           return true;
-        // hook .loki A records
+        // hook .loki
         if(addr.FromString(msg.questions[0].qname, ".loki"))
           return true;
-        // hook .snode A records
+        // hook .snode
         if(addr.FromString(msg.questions[0].qname, ".snode"))
           return true;
         // hook any ranges we own