[Pdns-users] pipe backend + slave + bad zones = bug
Kenneth Marshall
ktm at rice.edu
Thu Oct 30 18:37:25 UTC 2008
On Thu, Oct 30, 2008 at 10:59:24AM -0700, crayon at leechbox.net wrote:
> Kenneth Marshall wrote:
>> As you have found out, PowerDNS trusts its backend data completely and
>> expects it to be correct. You need to fix your zones and put mechanisms
>> in place to prevent the entry of bad data at all -- speaking as someone
>> who had their instance brought to its I/O knees by attempted zone
>> transfers
>> of bad data. I would like nicer behavior, but assuming good data allows
>> for
>> streamlined processing and much higher performance than assuming bad data.
>> In fact, by that reasoning PDNS should stop serving zones once incorrect
>> data is found. I think the current behavior is better than not serving
>> the data at all. My two cents.
>>
>> Ken
>>
> While I agree in general it's OK to trust backends, when PowerDNS is in
> 'slave' mode this is riskier. Now you have 100% trust all your backends,
> your network connection and some other software on another server.
>
> In my case PowerDNS already detects the bad data, it just forgets to
> cleanup the co-processes. Maybe slave mode isn't PowerDNS's most
> advisable/supported feature, but it seems to me it still should handle
> error cases gracefully.
>
I apologize, I cofounded your problems with pdns as a slave with
the dirty data in a backend. I agree that this clean-up problem
should be fixed to avoid a possible DoS attack vector.
Ken
More information about the Pdns-users
mailing list