[Pdns-users] Problem with NS Glue records - "out-of-zone data"
Andre Lorbach
alorbach at ro1.adiscon.com
Wed May 9 10:52:15 UTC 2007
Hello all,
We are successfully using powerdns since some years as secondary name
server on a Debian Server, Version 2.9.17 .
It has done a great job so far. However recently a problem occurred when
our master dns server was updated. Since this update, our master dns
server is sending so called glue records along with dns zone transfers.
To explain the problem I will use the following sample values:
ns.nameserver.com = Nameservername for my zone
somedomain.com = My dns zone I want to transfer to pdns from the master
PowerDNS blocks the zone transfer with the following reason:
May 09 14:13:10 Domain somedomain.com is stale, master serial
2007050913, our serial 2007050911
May 09 14:13:10 AXFR started for ' somedomain.com', transaction started
May 09 14:13:10 Remote 172.16.0.164 sneaked in out-of-zone data
'ns.nameserver.com' during AXFR of zone ' somedomain.com'
I have been in contact with the vendor of our primary DNS Server, and we
came to the result that powerdns may not support glue records in DNS
zone transfer.
So my question to the mailing list is, are there any chances to get this
problem fixed? I understand that this behavior is wanted to prevent dns
injection, but A records for DNS Server records should be allowed, or
maybe an option be added to allow it.
Currently we rolled back the update on our master dns server, but we
can't leave it in this state forever.
--
Thank you and best regards,
Andre Lorbach
Adiscon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20070509/ece07e4d/attachment.html>
More information about the Pdns-users
mailing list