[Pdns-users] Re: AXFR's in powerdns
Christof Meerwald
cmeerw at web.de
Sun Jun 22 11:58:17 UTC 2003
On Sun, 22 Jun 2003 13:23:58 +0200, bert hubert wrote:
> On Thu, May 01, 2003 at 10:07:33PM +0200, Christof Meerwald wrote:
>> I have updated to 2.9.8 and it currently allows axfrs from everywhere even
>> if I have disable-axfr=yes and allow-axfr-ips set.
> can you check if the current http://www.powerdns.org/pdns-2.9.9.tar.gz does
> the right thing? I just updated it.
No, that version doesn't get it right either.
Ok, I'll try to go into a bit more detail - I guess there are 4 relevant
cases:
1.
disable-axfr=yes
#allow-axfr-ips= (empty)
pdns 2.9.7: deny
pdns 2.9.8: deny
current pdns 2.9.9: allow
my patch: deny
2.
disable-axfr=no
#allow-axfr-ips= (empty)
pdns 2.9.7: allow
pdns 2.9.8: allow
current pdns 2.9.9: deny
my patch: allow
3.
disable-axfr=yes
allow-axfr-ips=127.0.0.1
pdns 2.9.7: only allow from 127.0.0.1
pdns 2.9.8: allow
current pdns 2.9.9: only allow from 127.0.0.1
my patch: only allow from 127.0.0.1
4.
disable-axfr=no
allow-axfr-ips=127.0.0.1
pdns 2.9.7: allow
pdns 2.9.8: allow
current pdns 2.9.9: deny
my patch: only allow from 127.0.0.1
bye, Christof
--
http://cmeerw.org JID: cmeerw at jabber.at
mailto cmeerw at web.de
More information about the Pdns-users
mailing list