<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-priority:99;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-priority:99;
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1593733475;
mso-list-type:hybrid;
mso-list-template-ids:1285554668 67567631 67567641 67567643 67567631 67567641 67567643 67567631 67567641 67567643;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=DE link=blue vlink=purple>
<div class=Section1>
<div>
<p class=MsoNormal><span style='color:#1F497D'>Hi again,<o:p></o:p></span></p>
<p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>for those with the
same problem, I have found a workaround myself which needs some code
modifications. This is Debian specific, but will work on other Linux systems as
well. What I have done is, I kindly changed the code at the "sneaked in
out-of-zone data", so it kindly discards those entries and continues. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>I know some will
see this as not the right way, but my problem cannot be solved in another
way, as my primary DNS Server is (don’t flame me!) Windows 2003 SP2. I
can’t change this fact ;), so I have to deal with it. Some documents I
found tell me that what they are doing since Service Pack 2 cannot be so wrong: <o:p></o:p></span></p>
<p class=MsoPlainText><a href="http://cr.yp.to/djbdns/axfr-notes.html"><span
lang=EN-US>http://cr.yp.to/djbdns/axfr-notes.html</span></a><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoPlainText><a
href="http://home.claranet.de/xyzzy/home/test/draft-koch-dns-glue-clarifications-01.txt"><span
lang=EN-US>http://home.claranet.de/xyzzy/home/test/draft-koch-dns-glue-clarifications-01.txt</span></a><span
lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>However here is the
workaround: <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>1.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>First download the source: <o:p></o:p></span></p>
<p class=MsoNormal style='text-indent:35.4pt'><span lang=EN-US
style='color:#1F497D'>apt-get source pdns-server <o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>2.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>then make the code changes: <o:p></o:p></span></p>
<p class=MsoNormal style='text-indent:35.4pt'><span lang=EN-US
style='color:#1F497D'>edit ./pdns/communicator.cc <o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>3.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>Search for "sneaked in out-of-zone
data" and use this code (may differ from version to version, my Debian port
is using 2.9.17):<o:p></o:p></span></p>
<p class=MsoNormal style='text-indent:18.0pt'><span lang=EN-US
style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal style='text-indent:18.0pt'><span lang=EN-US
style='color:#1F497D'>for(Resolver::res_t::iterator
i=recs.begin();i!=recs.end();++i) <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
{<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
// Workaround by ANDRE @ Adiscon<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
if(!endsOn(i-&gt;qname, domain)) {<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
L&lt;&lt;Logger::Error&lt;&lt;"Remote "&lt;&lt;remote&lt;&lt;"
sneaked in out-of-zone data '"&lt;&lt;i-&gt;qname&lt;&lt;"' during AXFR of zone
'"&lt;&lt;domain&lt;&lt;"'"&lt;&lt;endl;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
// di.backend->abortTransaction();<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
// return;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
// SIMPLY IGNORE THE RECORD<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
else<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
{<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
i->domain_id=domain_id;<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
di.backend->feedRecord(*i);<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>4.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>Save and compile/create a Debian package (stay
in the folder!). You may need to install several packages first; you will be
notified which: <o:p></o:p></span></p>
<p class=MsoListParagraph><span lang=EN-US style='color:#1F497D'>dpkg-buildpackage
-rfakeroot -uc -b<o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>5.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>Once done, go back to the previous directory
and install the package, for example: <o:p></o:p></span></p>
<p class=MsoListParagraph><span lang=EN-US style='color:#1F497D'>dpkg -i
pdns-server_2.9.17-13sarge3_i386.deb <o:p></o:p></span></p>
<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
lang=EN-US style='color:#1F497D'><span style='mso-list:Ignore'>6.<span
style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span
lang=EN-US style='color:#1F497D'>After installation, confirm that the changes were
successful.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>--<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>Hope this helps – best regards,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>Andre Lorbach<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'>Adiscon<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US style='font-size:10.5pt;font-family:Consolas;
color:#1F497D'><o:p> </o:p></span></p>
</div>
<p class=MsoNormal><span lang=EN-US style='color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> pdns-users-bounces@mailman.powerdns.com
[mailto:pdns-users-bounces@mailman.powerdns.com] <b>On Behalf Of </b>Andre
Lorbach<br>
<b>Sent:</b> Wednesday, May 09, 2007 12:52 PM<br>
<b>To:</b> pdns-users@mailman.powerdns.com<br>
<b>Subject:</b> [Pdns-users] Problem with NS Glue records - "out-of-zone
data"<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hello all,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span lang=EN-US>We have been successfully using PowerDNS for
some years as a secondary name server on a Debian server, version 2.9.17.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>It has done a great job so far. However,
recently a problem occurred when our master DNS server was updated. Since this
update, our master DNS server has been sending so-called glue records along with DNS
zone transfers.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>To explain the problem I will use the
following sample values: <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>ns.nameserver.com = Nameservername for my
zone<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>somedomain.com = My dns zone I want to
transfer to pdns from the master<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>PowerDNS blocks the zone transfer with the
following reason: <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>May 09 14:13:10 Domain somedomain.com is
stale, master serial 2007050913, our serial 2007050911<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>May 09 14:13:10 AXFR started for '
somedomain.com', transaction started<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>May 09 14:13:10 Remote 172.16.0.164 sneaked
in out-of-zone data 'ns.nameserver.com' during AXFR of zone ' somedomain.com'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I have been in contact with the vendor of
our primary DNS server, and we came to the conclusion that PowerDNS may not support
</span><span lang=EN-US style='font-size:10.0pt;font-family:"Verdana","sans-serif"'>glue
records in DNS zone transfers. </span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>So my question to the mailing list is: is
there any chance to get this problem fixed? I understand that this behavior is
wanted to prevent DNS injection, but A records for DNS server records should be
allowed, or maybe an option could be added to allow it. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>For now we have rolled back the update on our
master DNS server, but we can’t leave it in this state forever. <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>--<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Thank you and best regards,<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Andre Lorbach<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Adiscon<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
</div>
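<p class=MsoNormal><span lang=EN-US>Added example, not code from the post or from PowerDNS: a stand-alone C++ version of the discard-and-continue behaviour described in the workaround, with the zone-membership test done on label boundaries and the discarded records returned for logging. The Rec struct, the function names and the sample records (addresses from the 192.0.2.0/24 documentation range) are assumptions made for illustration.</span></p>

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical record type for this example; not PowerDNS's own structure.
struct Rec { std::string qname, qtype, content; };

// Canonical form: lower case, one trailing dot removed.
static std::string canon(std::string n) {
  if (!n.empty() && n.back() == '.') n.pop_back();
  std::transform(n.begin(), n.end(), n.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  return n;
}

// True if name is the zone apex or below it, matched on a label boundary,
// so "othersomedomain.com" is not treated as part of "somedomain.com".
bool inZone(const std::string& name, const std::string& zone) {
  const std::string n = canon(name), z = canon(zone);
  if (z.empty()) return true;  // root zone contains every name
  if (n.size() < z.size()) return false;
  if (n.compare(n.size() - z.size(), z.size(), z) != 0) return false;
  return n.size() == z.size() || n[n.size() - z.size() - 1] == '.';
}

// Keep in-zone records; collect the rest in `dropped` so they can be logged.
std::vector<Rec> filterAxfr(const std::vector<Rec>& recs, const std::string& zone,
                            std::vector<Rec>& dropped) {
  std::vector<Rec> kept;
  for (const Rec& r : recs)
    (inZone(r.qname, zone) ? kept : dropped).push_back(r);
  return kept;
}

// Constructed sample transfer using the thread's example names.
std::vector<Rec> sampleTransfer() {
  return {{"somedomain.com", "NS", "ns.nameserver.com"},
          {"ns.nameserver.com", "A", "192.0.2.53"},     // out-of-zone glue
          {"WWW.SomeDomain.com.", "A", "192.0.2.80"},   // in zone, mixed case
          {"othersomedomain.com", "A", "192.0.2.66"}};  // string suffix only
}

int main() {
  std::vector<Rec> dropped;
  std::vector<Rec> kept = filterAxfr(sampleTransfer(), "somedomain.com", dropped);
  for (const Rec& r : dropped) std::cout << "discarded " << r.qname << "\n";
  std::cout << kept.size() << " records kept\n";
}
```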
</div>
</body>
</html>