[Pdns-users] Differences between slave and superslave
Derrik Pates
demon at devrandom.net
Tue Sep 14 18:34:42 UTC 2010
On 09/14/2010 08:35 AM, Francis RamÃÂrez Verdugo wrote:
> Ok. So, as far as I understand, 'supermaster' table is another 'turn of
> the screw' in terms of security that powerDNS provides.
> We could have a slave name server and define a master in our 'domains'
> table but, unless we insert that master in the 'supermasters' table, all
> notifications and changes from that master will be banned, right?
No, all that a "supermaster" can do is, instead of the administrator of
the "superslave" host needing to explicitly provision each DNS zone that
the "superslave" is to host for the "supermaster", the "supermaster" can
simply send a NOTIFY message for a new zone, and if (a) it comes from
the authorized IP, and (b) the name indicated is listed in an NS record
in the zone, the zone will be automatically provisioned in the "domains"
table. This allows for a simpler way to manage DNS replication; my
company uses it to allow customers who wish to run their own DNS to
slave zones to us en-masse and add zones on demand, instead of us having
to go and add them manually.
--
Derrik Pates
demon at devrandom.net
More information about the Pdns-users
mailing list