[Pdns-users] per zone acl for transfer?

Derrik Pates demon at devrandom.net
Mon Mar 6 17:15:54 UTC 2006


Heidrich Attila wrote:
> Is there a way to set up per zone acls for axfr? Or is it in the roadmap?

I have a patch, based on a previous similar (though somewhat broken)
patch. I've fixed the issues I found with it, and currently use it as
part of my company's PowerDNS deployment with great success. The table
layout I use for it is as follows:

CREATE TABLE acls (
  acl_type enum('allow-axfr') NOT NULL default 'allow-axfr',
  acl_key varchar(64) NOT NULL default '',
  value varchar(64) NOT NULL default '',
  KEY type_key_index (acl_type,acl_key)
) TYPE=InnoDB;

It should work without 'TYPE=InnoDB' though. 'acl_key' should contain
the domain name, and 'value' should contain the IPv4 address of the
machine that is allowed to AXFR the respective domain. I've used this
patch last with PowerDNS v2.9.18, but it *should* apply against 2.9.19
as well.

-- 
Derrik Pates
demon at devrandom.net
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 03_axfr_acls.diff
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20060306/c5641484/attachment.ksh>


More information about the Pdns-users mailing list