[Pdns-users] Re: AXFR's in powerdns
Norbert Sendetzky
norbert at linuxnetworks.de
Sun Jun 22 16:33:10 UTC 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 22 June 2003 13:58, Christof Meerwald wrote:
> > can you check if the current
> > http://www.powerdns.org/pdns-2.9.9.tar.gz does the right thing? I
> > just updated it.
>
> No, that version doesn't get it right either.
Sorry guys, the suggestion I sent Bert contained a ! which should not
be there:
> if(!arg().mustDo("disable-axfr")
> return false;
>
> if(arg()["allow-axfr-ips"].empty())
> return true;
must be:
if(arg().mustDo("disable-axfr")
return false;
> Ok, I'll try to go into a bit more detail - I guess there are 4
> relevant cases:
>
> 1.
> disable-axfr=yes
> #allow-axfr-ips= (empty)
>
> pdns 2.9.7: deny
> pdns 2.9.8: deny
> current pdns 2.9.9: allow
> my patch: deny
Fixed by above correction
> 2.
> disable-axfr=no
> #allow-axfr-ips= (empty)
>
> pdns 2.9.7: allow
> pdns 2.9.8: allow
> current pdns 2.9.9: deny
> my patch: allow
Fixed by above correction
> 3.
> disable-axfr=yes
> allow-axfr-ips=127.0.0.1
>
> pdns 2.9.7: only allow from 127.0.0.1
> pdns 2.9.8: allow
> current pdns 2.9.9: only allow from 127.0.0.1
> my patch: only allow from 127.0.0.1
Should be "deny", regardless if allow-axfr-ips is set or not!
> 4.
> disable-axfr=no
> allow-axfr-ips=127.0.0.1
>
> pdns 2.9.7: allow
> pdns 2.9.8: allow
> current pdns 2.9.9: deny
> my patch: only allow from 127.0.0.1
Should be fixed by above correction
Norbert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+9dpGxMLs5v5/7eARAg1qAJ9WTD2m5+zhhgWdvYO/5oRolBaTQQCfYvgw
AjMhaKAP8kEvjpPk2tFNZTk=
=6u1x
-----END PGP SIGNATURE-----
More information about the Pdns-users
mailing list