[Pdns-users] Supermasters and permissions

Daniel Ceregatti daniel at omnis.com
Wed Oct 22 01:29:19 UTC 2003


I'm curious as to the permissions system, if any, of supermasters. Our
company is looking to deploy powerdns in a manner where we'll have
multiple people with supermaster access. Picture the following scenario:

Supermaster A creates a domain foo.com. Supermaster B, knowing foo.com
is setup on the powerdns name server from another supermaster, does an
AFXR of foo.com, thereby replacing the foo.com zone on the powerdns server.

I've looked at the tables, documentation, and the code. There are two
common fields between supermasters and domains, but does powerdns
actually check these fields to ensure that the server that created the
zone is the one that's updating it? I admit, I find this C++ code very
confusing, but from what I can tell, it doesn't seem that it checks. Am
I wrong?


Daniel Ceregatti

P.S. The fortune in my signature is TOTALLY random. I swear.


Daniel Ceregatti - Programmer
Omnis Network, LLC

	A superfluous element of a source program included so the
	programmer can remember what the hell it was he was doing
	six months later.  Only the weak-minded need them, according
	to those who think they aren't.

More information about the Pdns-users mailing list