[Pdns-users] zones transfer
Dmitry Banshchikov
ubique at peterhost.ru
Mon Apr 20 11:14:16 UTC 2009
On Mon, 20 Apr 2009 14:05:07 +0300
Julian Pawlowski <lists at propenguin.net> wrote:
> Hi,
>
> PowerDNS handles this automatically and allows transfers to all hosts
> which have a valid NS record for this domain.
>
Hmm...
For example:
mysql> select name, type, content from ns_records;
+--------------+------+----------------------------+
| name         | type | content                    |
+--------------+------+----------------------------+
| test.com     | SOA  | localhost ahu at ds9a.nl 1 |
| test.com     | NS   | ns1.test.com               |
| test.com     | NS   | ns2.test.com               |
| ns1.test.com | A    |                            |
| ns2.test.com | A    | 100.100.100.102            |
| test.com     | A    | 100.100.100.102            |
+--------------+------+----------------------------+
mysql> select name, type from ns_domains;
+----------+--------+
| name     | type   |
+----------+--------+
| test.com | MASTER |
+----------+--------+
1 row in set (0.00 sec)
When I try to do a lookup from a host with IP 192.168.0.215:
# dig @192.168.0.215 test.com AXFR +short
localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600
ns1.test.com.
ns2.test.com.
100.100.100.100
100.100.100.102
100.100.100.102
localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600
So, I can get a zone transfer from a non-valid NS server.
There is a patch:
http://www.nabble.com/per-zone-acl-for-transfer--to10649886.html#a10649886
Does this patch work well?
--
Dmitry Banshchikov
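
Added example (not part of the original message, and not PowerDNS code): a small model of the rule stated in the quoted reply, where an AXFR client is allowed only if its source address matches an address record of one of the zone's NS names. The records are a constructed sample mirroring the ns_records table above, and `ns_addresses` and `axfr_allowed` are hypothetical helper names.

```python
import ipaddress

# Constructed sample mirroring the ns_records table in the message.
# ns1.test.com has no address in that table, so it is left empty here too.
RECORDS = [
    ("test.com", "NS", "ns1.test.com"),
    ("test.com", "NS", "ns2.test.com"),
    ("ns1.test.com", "A", ""),
    ("ns2.test.com", "A", "100.100.100.102"),
    ("test.com", "A", "100.100.100.102"),
]


def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def ns_addresses(records, zone):
    """Addresses of the zone's NS names, taken only from rows in `records`.

    Assumption: NS targets are in-zone; out-of-zone targets would need a
    resolver lookup, which this offline model does not do.
    """
    ns_names = {_norm(content) for name, rtype, content in records
                if rtype == "NS" and _norm(name) == _norm(zone)}
    addrs = set()
    for name, rtype, content in records:
        if rtype not in ("A", "AAAA") or _norm(name) not in ns_names:
            continue
        try:
            addrs.add(ipaddress.ip_address(content.strip()))
        except ValueError:
            # Empty or malformed address: this NS adds no permitted client.
            continue
    return addrs


def axfr_allowed(records, zone, client_ip):
    """True if the transfer client's source IP belongs to a listed NS."""
    return ipaddress.ip_address(client_ip) in ns_addresses(records, zone)


if __name__ == "__main__":
    for ip in ("100.100.100.102", "192.168.0.215"):
        print(ip, "allowed" if axfr_allowed(RECORDS, "test.com", ip) else "refused")
```

The decision depends on the source address of the client requesting the transfer, not on the address of the server being queried.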