[Pdns-users] Supermasters and permissions

bert hubert ahu at ds9a.nl
Thu Oct 23 18:20:04 UTC 2003

On Tue, Oct 21, 2003 at 06:29:19PM -0700, Daniel Ceregatti wrote:

> I'm curious as to the permissions system, if any, of supermasters. Our
> company is looking to deploy powerdns in a manner where we'll have
> multiple people with supermaster access. Picture the following scenario:
> Supermaster A creates a domain foo.com. Supermaster B, knowing foo.com
> is setup on the powerdns name server from another supermaster, does an
> AFXR of foo.com, thereby replacing the foo.com zone on the powerdns server.

It doesn't work that way. Pdns receives a notification from a supermaster
and then checks with that supermaster if the zone is actually there. If it
is, it will retrieve it. As this happens over TCP, this is hard to spoof.

http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO

More information about the Pdns-users mailing list