[Pdns-users] NOTIFY only the ALSO-NOTIFY servers
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Mar 21 14:24:59 UTC 2014
Hi Philippe!
I also had such a workaround in mind, but I feared it may cause troubles
when someone sends a DNS lookup explicitely for NS record.
Today I stumbled across a new option in git head (will be available in
PowerDNS 3.4):
#################################
# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks
#
# only-notify=0.0.0.0/0,::/0
I use it and allow basically nothing, and it seems to work.
only-notify=0.0.0.0/32,::/128
I also created a feature request for explicit notifications:
https://github.com/PowerDNS/pdns/issues/1340
Note: When upgrading to HEAD/3.4 you have to update the DB-Schema:
ALTER TABLE records ADD disabled BOOLEAN DEFAULT 'f';
regards
Klaus
On 21.03.2014 09:57, Philippe M wrote:
> Hi Klaus,
> i do a bad way, but it somehow works with no problems at the moment, so
> if you haven't found any other way, you might want to try it.
>
> I added this line in pdns.conf of my Master:
> gpgsql-basic-query-auth=select content,ttl,prio,type,domain_id,name,auth
> from records where type='%s' and type !='NS' and name='%s'
>
> This manipulates the Query which is send by PowerDNS to the Database to
> get the records.
> With the change it always get a normal Answer except when it wants to
> know the Nameserver to send a notify.
> (AXFR transfer the Records normal - with the NS Records / because it
> uses another Query)
>
> I don't know if there is a better way to do it, but this works for me at
> the moment.
> (If you find a better one let me know)
>
> Kind regards,
> Philippe
>
>
> Klaus Darilion <klaus.mailinglists at pernau.at> schrieb am 13:31 Mittwoch,
> 19.März 2014:
> Hi!
>
> I have pdns as bum in the wire, acting for a certain zone as SLAVE and
> as MASTER. Therefore I had to set slave-renotify=yes.
>
> The downstream slaves receive NOTIFYs via the ALSO-NOTIFY
> domainmetadata, both PDNS notifies also the name servers in the NS records.
>
> Is there a way to notify only the ALSO-NOTIFY-nameservers and to not
> notify the NS name servers? (Similar to Bind's "notify explicit" feature)
>
> Thanks
> Klaus
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com <mailto:Pdns-users at mailman.powerdns.com>
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
More information about the Pdns-users
mailing list