[Pdns-users] Supermasters and permissions
ahu at ds9a.nl
Thu Oct 23 18:20:04 UTC 2003
On Tue, Oct 21, 2003 at 06:29:19PM -0700, Daniel Ceregatti wrote:
> I'm curious as to the permissions system, if any, of supermasters. Our
> company is looking to deploy powerdns in a manner where we'll have
> multiple people with supermaster access. Picture the following scenario:
> Supermaster A creates a domain foo.com. Supermaster B, knowing foo.com
> is setup on the powerdns name server from another supermaster, does an
> AFXR of foo.com, thereby replacing the foo.com zone on the powerdns server.
It doesn't work that way. Pdns receives a notification from a supermaster
and then checks with that supermaster if the zone is actually there. If it
is, it will retrieve it. As this happens over TCP, this is hard to spoof.
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
More information about the Pdns-users