[Pdns-dev] Preliminary ACL support in PowerDNS (AXFR for now)

davidu at everydns.net davidu at everydns.net
Sun Mar 16 15:02:43 CET 2003


With the help of Bert Hubert I was able to get a basic ACL system working
in PowerDNS today.

The current system been tested using the gpgsql backend but the other sql
backends should be trivial to add support for.

Attached is the patch which relies on a table in pgsql called "acls" with
the structure of:

   "acl_id" int NOT NULL,
   "acl_type" varchar(32) NOT NULL,
   "key" varchar(250) NOT NULL,
   "value" varchar(255) NOT NULL,
   CONSTRAINT "acls_pkey" PRIMARY KEY ("acl_id")

An example ACL could be:
INSERT INTO "acls" ("acl_id", "acl_type", "key", "value")
VALUES (1, 'allow-axfr', 'example.com', '');

To allow an AXFR of example.com FROM

The acl_type field allows this ACL system to be used for other purposes
besides just axfr.  The system has not been tested with anything besides
AXFR however.  This should patch into current CVS just fine. Please share
comments and questions. (One nice addition might be to add support for

The patch can also be found at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdns_acls.diff
Type: application/octet-stream
Size: 5858 bytes
Desc: not available
Url : http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20030316/ee828e9f/pdns_acls.obj

More information about the Pdns-dev mailing list