[Pdns-users] Regarding the warning about TSIG and AXFR requests
Mohamed Lrhazi
lrhazi at gmail.com
Fri Oct 21 08:31:29 UTC 2011
Hello,
Could some explain a bit more what the risks are, that this warning is
referring to:
http://doc.powerdns.com/tsig-outbound-notify-axfr.html
Warning
PowerDNS for now only verifies the TSIG signature on the first AXFR
'message', which helps for access control, but does not provide 100.0%
protection of subsequent AXFR zone content messages.
Is this saying that one would not be protected from content
modification/injection with this feature enabled?
If so, what would be my options to secure slave/master communication,
with pdns acting as slave?
Thanks a lot,
Mohamed.
More information about the Pdns-users
mailing list