[Pdns-users] Re: AXFR's in powerdns

Norbert Sendetzky norbert at linuxnetworks.de
Sun Jun 22 16:33:10 UTC 2003



On Sunday 22 June 2003 13:58, Christof Meerwald wrote:
> > can you check if the current
> > http://www.powerdns.org/pdns-2.9.9.tar.gz does the right thing? I
> > just updated it.
>
> No, that version doesn't get it right either.

Sorry guys, the suggestion I sent Bert contained a ! which should not
be there:

> if(!arg().mustDo("disable-axfr"))
>     return false;
>
> if(arg()["allow-axfr-ips"].empty())
>    return true;

must be:

if(arg().mustDo("disable-axfr"))
    return false;

> Ok, I'll try to go into a bit more detail - I guess there are 4
> relevant cases:
>
> 1.
> disable-axfr=yes
> #allow-axfr-ips= (empty)
>
> pdns 2.9.7: deny
> pdns 2.9.8: deny
> current pdns 2.9.9: allow
> my patch: deny

Fixed by above correction

> 2.
> disable-axfr=no
> #allow-axfr-ips= (empty)
>
> pdns 2.9.7: allow
> pdns 2.9.8: allow
> current pdns 2.9.9: deny
> my patch: allow

Fixed by above correction

> 3.
> disable-axfr=yes
> allow-axfr-ips=127.0.0.1
>
> pdns 2.9.7: only allow from 127.0.0.1
> pdns 2.9.8: allow
> current pdns 2.9.9: only allow from 127.0.0.1
> my patch: only allow from 127.0.0.1

Should be "deny", regardless of whether allow-axfr-ips is set or not!

> 4.
> disable-axfr=no
> allow-axfr-ips=127.0.0.1
>
> pdns 2.9.7: allow
> pdns 2.9.8: allow
> current pdns 2.9.9: deny
> my patch: only allow from 127.0.0.1

Should be fixed by above correction


Norbert

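The four cases from the thread as a runnable check. This is an added example, not part of the original message and not PowerDNS source code. `AxfrConfig`, `ipListed`, `aclPermits` and both function names are hypothetical, and the address list is assumed to be comma-separated literal IPs compared exactly.

```cpp
#include <initializer_list>
#include <iostream>
#include <sstream>
#include <string>

// Settings named in the thread; everything else here is illustrative.
struct AxfrConfig {
    bool disableAxfr;          // disable-axfr=yes|no
    std::string allowAxfrIps;  // allow-axfr-ips=..., empty when unset
};

// Assumption: comma-separated literal addresses, compared exactly (no netmasks).
static bool ipListed(const std::string& list, const std::string& remote) {
    std::istringstream in(list);
    std::string entry;
    while (std::getline(in, entry, ',')) {
        const auto first = entry.find_first_not_of(" \t");
        if (first == std::string::npos) continue;  // blank entry
        const auto last = entry.find_last_not_of(" \t");
        if (entry.substr(first, last - first + 1) == remote) return true;
    }
    return false;
}

// Shared tail of both variants: an empty list means no restriction by address.
static bool aclPermits(const AxfrConfig& cfg, const std::string& remote) {
    return cfg.allowAxfrIps.empty() || ipListed(cfg.allowAxfrIps, remote);
}

// Corrected check: disable-axfr is tested first and always wins.
bool axfrAllowed(const AxfrConfig& cfg, const std::string& remote) {
    if (cfg.disableAxfr) return false;
    return aclPermits(cfg, remote);
}

// The variant with the stray '!', kept only to reproduce the reported results.
bool axfrAllowedInverted(const AxfrConfig& cfg, const std::string& remote) {
    if (!cfg.disableAxfr) return false;
    return aclPermits(cfg, remote);
}

int main() {
    const AxfrConfig cases[] = {{true, ""}, {false, ""},
                                {true, "127.0.0.1"}, {false, "127.0.0.1"}};
    for (const auto& c : cases)
        for (const char* ip : {"127.0.0.1", "192.0.2.7"})  // constructed clients
            std::cout << (c.disableAxfr ? "yes " : "no  ") << '"' << c.allowAxfrIps
                      << "\" " << ip << " -> " << axfrAllowed(c, ip) << '\n';
}
```

The inverted variant gives the "current pdns 2.9.9" results reported for cases 1 to 4, while the corrected one denies whenever disable-axfr is set.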


