[Pdns-users] Supermasters and permissions
bert hubert
ahu at ds9a.nl
Thu Oct 23 18:20:04 UTC 2003
On Tue, Oct 21, 2003 at 06:29:19PM -0700, Daniel Ceregatti wrote:
> I'm curious as to the permissions system, if any, of supermasters. Our
> company is looking to deploy powerdns in a manner where we'll have
> multiple people with supermaster access. Picture the following scenario:
>
> Supermaster A creates a domain foo.com. Supermaster B, knowing foo.com
> is setup on the powerdns name server from another supermaster, does an
> AFXR of foo.com, thereby replacing the foo.com zone on the powerdns server.
It doesn't work that way. Pdns receives a notification from a supermaster
and then checks with that supermaster if the zone is actually there. If it
is, it will retrieve it. As this happens over TCP, this is hard to spoof.
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
More information about the Pdns-users
mailing list