[Pdns-users] allow-axfr-ips or how can I setup a special zone-transfer-policy for every domain

thomas polnik thomas at polnik.de
Tue May 8 17:33:50 UTC 2007


Hello,

At the moment I am checking whether we can/should migrate from bind to pdns.

We have the following cases:
a) some of our customers use our name servers as master and slave.
b) some customers use our name servers only as slave.
c) some customers use our name servers only as master.

case a)
This is simple to resolve: I use allow-axfr-ips with our IP to prevent
disallowed transfers.

case b)
This is simple to configure.

case c)
I can't find an answer for how to solve this problem with pdns.

I can't use allow-axfr-ips, because
Customer A uses pdns for customer-a.de as master with slave
192.168.100.10.
Customer B uses pdns for customer-b.de as master with slave 10.10.10.10.

I must prevent customer B from doing a zone transfer for
customer-a.de. If I use
allow-axfr-ips=192.168.100.10, 10.10.10.10
customer B can look at all the data of the domain customer-a.de.

At the moment we use bind and automatically create a named.conf if
bind is master for a domain. Our script checks the NS records for this
domain and explicitly allows a zone transfer for all secondary name servers.

zone "customer-a.de" {
  type master;
  file "db.customer-a.de";
  allow-transfer { 192.168.100.10;};
};


zone "customer-b.de" {
  type master;
  file "db.customer-b.de";
  allow-transfer { 10.10.10.10;};
};

So it is not possible for customer B to get the zone from customer-a.de.

Does somebody have a hint how I can solve case c) with pdns?

I want to use pdns with the gmysql backend.

Best regards,
thomas polnik.
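
Added example, not part of the original post: a Python sketch of the per-zone generator described above, plus a check that lists which secondaries a single server-wide ACL (as with allow-axfr-ips) would let transfer zones they do not serve. The names ZONES, render_named_conf and audit_global_acl are hypothetical, and the zone data is constructed from the two customers in the post.

```python
import ipaddress

# Constructed sample: zone -> IPs of its secondary name servers, as the
# NS-record lookup described in the post would produce them.
ZONES = {
    "customer-a.de": ["192.168.100.10"],
    "customer-b.de": ["10.10.10.10"],
}

def render_named_conf(zones):
    """Emit one BIND master stanza per zone, each with its own allow-transfer list."""
    out = []
    for name in sorted(zones):
        # ip_address() rejects anything that is not a valid IP literal
        acl = " ".join(f"{ipaddress.ip_address(ip)};" for ip in zones[name])
        out.append(
            f'zone "{name}" {{\n'
            f"  type master;\n"
            f'  file "db.{name}";\n'
            f"  allow-transfer {{ {acl} }};\n"
            f"}};\n"
        )
    return "\n".join(out)

def audit_global_acl(zones, global_acl):
    """Return (client, zone) pairs that one server-wide ACL would permit
    although the client is not a secondary of that zone."""
    nets = [ipaddress.ip_network(e.strip(), strict=False)
            for e in global_acl.split(",")]
    clients = {ipaddress.ip_address(ip) for ips in zones.values() for ip in ips}
    leaks = []
    for zone in sorted(zones):
        own = {ipaddress.ip_address(ip) for ip in zones[zone]}
        for client in sorted(clients - own, key=str):
            if any(client in net for net in nets):
                leaks.append((str(client), zone))
    return leaks

if __name__ == "__main__":
    print(render_named_conf(ZONES))
    for client, zone in audit_global_acl(ZONES, "192.168.100.10, 10.10.10.10"):
        print(f"global ACL lets {client} transfer {zone}")
```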

