[Pdns-users] AXFR ACL by Domain

[Derrik Pates]

David Levy wrote:
>         I am aware that you can restrict AXFR based on a list of network
> addresses, but I am curious as to if it is possible to do the same on a
> per-domain basis and in the backend instead of config.  >From reading
> the powerdns documentation, it seems like this is not possible at this
> time. I suppose if I am correct, and there is no way to do this
> presently, this message can also be considered a feature request, thanks.

There's not support for it in the mainline code, but I do have a patch
that I roll into my own PowerDNS packages that I use on my employers'
DNS servers. Let me know if you want me to forward it to you. I've made
a few improvements to it to add support to the gsqlite module as well,
and fix up a bug with multiple ACL entries for a single domain. The
tuples allow specific IPs to AXFR specific domains. It doesn't support
CIDR blocks or anything like that, but it works well enough.

-- 
Derrik Pates
demon at devrandom.net