[Pdns-users] Regarding the warning about TSIG and AXFR requests
lrhazi at gmail.com
Fri Oct 21 08:31:29 UTC 2011
Could some explain a bit more what the risks are, that this warning is
PowerDNS for now only verifies the TSIG signature on the first AXFR
'message', which helps for access control, but does not provide 100.0%
protection of subsequent AXFR zone content messages.
Is this saying that one would not be protected from content
modification/injection with this feature enabled?
If so, what would be my options to secure slave/master communication,
with pdns acting as slave?
Thanks a lot,
More information about the Pdns-users