[Pdns-users] Regarding the warning about TSIG and AXFR requests

Mohamed Lrhazi lrhazi at gmail.com
Thu Oct 27 02:18:11 UTC 2011

I would welcome RTFMs here... or is there a more appropriate list for
this question?

Thanks a lot,

On Fri, Oct 21, 2011 at 4:31 AM, Mohamed Lrhazi <lrhazi at gmail.com> wrote:
> Hello,
> Could some explain a bit more what the risks are, that this warning is
> referring  to:
> http://doc.powerdns.com/tsig-outbound-notify-axfr.html
> Warning
> PowerDNS for now only verifies the TSIG signature on the first AXFR
> 'message', which helps for access control, but does not provide 100.0%
> protection of subsequent AXFR zone content messages.
> Is this saying that one would not be protected from content
> modification/injection with this feature enabled?
> If so, what would be my options to secure slave/master communication,
> with pdns acting as slave?
> Thanks a lot,
> Mohamed.

More information about the Pdns-users mailing list