[Pdns-dev] Weird behaviour / CNAME vs. other data in AXFR
bert hubert
bert.hubert at netherlabs.nl
Wed Nov 7 14:12:43 CET 2012
On Wed, Nov 07, 2012 at 11:07:58AM +0100, Posner, Sebastian wrote:
> When erroneously a CNAME is present for a label as well as "other data"
> like an A-record; pdns answers queries for the label with only the CNAME
> while including _all_ data in an AXFR of the zone, without even logging
> the coexistence as an error.
Hi Sebastian,
It is the PowerDNS position that if you put bad data in the backend, bad
results will come out. I'm sorry that this is the case.
PowerDNS as of 3.2 could, with some work, detect a bad zone *during* AXFR,
and terminate the AXFR. But effectively this is what is happening already.
The problem is that PowerDNS only asks the backend things, it does not know
what is 'in' the backend. And while we can do certain tests to determine of
data is correct, we can't do them all.
And therefore our position remains that bad data in leads to bad data out.
Please don't do it ;-)
Bert
> In this case, it was found because bind as a slave then refuses to accept the new zone and sticks with the old content.
>
> I think this is not a problem of one specific backend but of pdns, as this behaviour has been observed with bind as well as gmysql backend; others not tested.
>
> Just filed #613 on this. Did I get anything wrong there or is there indeed need for improvement?
>
> kind regards,
>
> Sebastian
> --
> Sebastian Posner
> Unix-Systemspezialist
> Deutsche Telekom AG, Products & Innovation
> "Es hat einmal einer gesagt, das geht nicht. Dann kam einer, der wusste das nicht und hat es einfach gemacht"
>
>
> _______________________________________________
> Pdns-dev mailing list
> Pdns-dev at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-dev
>
More information about the Pdns-dev
mailing list