[Pdns-users] allow-axfr-ips or how can I setup a special zone-transfer-policy for every domain

thomas polnik thomas at polnik.de
Tue May 8 17:33:50 UTC 2007



At the moment I am checking whether we can/should migrate from bind to pdns.

The following cases:
a) some of our customers use our name servers as master and slave.
b) some customers use our name servers only as slave.
c) some customers use our name servers only as master.

case a)
It is simple to resolve: I use allow-axfr-ips with our IP to prevent
disallowed transfers.

case b)
It is simple to configure.

case c)
I can't find an answer to how I can solve this problem with pdns.

I can't use allow-axfr-ips, because
Customer A uses  pdns for  customer-a.de as master with slave
Customer B uses  pdns for  customer-b.de as master with slave

I must prevent customer B from doing a zone transfer for
customer-a.de. If I use
customer B can take a look at all data from the domain customer-a.de.

At the moment we use bind and automatically create a named.conf if
bind is master for a domain. Our script checks the NS records for this
domain and explicitly allows a zone transfer for all sec. name servers.

zone "customer-a.de" {
  type master;
  file "db.customer-a.de";
  allow-transfer {;};
};

zone "customer-b.de" {
  type master;
  file "db.customer-b.de";
  allow-transfer {;};
};

So it is not possible that customer B gets the zone from customer-a.de.

Does somebody have a hint how I can solve case c) with pdns?

I want to use pdns with the gmysql backend.

Best regards,
thomas polnik.

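The per-zone policy described in the message above (allow transfers only to the secondaries named in each zone's NS records), as an added example that is not part of the original post and is not the poster's script. The name server names and addresses are constructed sample data, and emitting `none;` for a zone without external secondaries is an assumption.

```python
import ipaddress

# Constructed sample data (not from the original post): NS records per zone
# and the addresses those names resolve to, using documentation IP ranges.
OWN_NAMESERVERS = {"ns1.provider.example."}
ZONE_NS = {
    "customer-a.de": ["ns1.provider.example.", "ns2.customer-a.example."],
    "customer-b.de": ["ns1.provider.example.", "ns2.customer-b.example."],
}
NS_ADDRESSES = {
    "ns1.provider.example.": ["192.0.2.1"],
    "ns2.customer-a.example.": ["198.51.100.10", "2001:db8:a::53"],
    "ns2.customer-b.example.": ["203.0.113.20"],
}


def secondaries(zone):
    """Addresses of every NS of the zone that is not one of our own servers."""
    addrs = []
    for ns in ZONE_NS[zone]:
        if ns in OWN_NAMESERVERS:
            continue
        if ns not in NS_ADDRESSES:
            # Fail closed: an unresolvable NS must not widen or empty the ACL.
            raise LookupError(f"{zone}: cannot resolve NS {ns}")
        addrs += [str(ipaddress.ip_address(a)) for a in NS_ADDRESSES[ns]]
    return sorted(set(addrs))


def zone_stanza(zone):
    """Render one master zone with allow-transfer limited to its secondaries."""
    acl = " ".join(f"{a};" for a in secondaries(zone)) or "none;"
    return (f'zone "{zone}" {{\n  type master;\n  file "db.{zone}";\n'
            f"  allow-transfer {{ {acl} }};\n}};\n")


def may_transfer(zone, client_ip):
    """Policy check: is this client allowed to AXFR the given zone?"""
    return str(ipaddress.ip_address(client_ip)) in secondaries(zone)


if __name__ == "__main__":
    print("\n".join(zone_stanza(z) for z in sorted(ZONE_NS)))
```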

