[Pdns-users] PowerDNS Authoritative Server 4.2.0 Release Candidate 1 Released

mike+lists at yourtownonline.com mike+lists at yourtownonline.com
Fri Mar 29 19:22:48 UTC 2019


On 3/19/19 8:41 AM, Erik Winkels via Pdns-users wrote:
> Hi all,
>
> (Via: https://blog.powerdns.com/2019/03/19/powerdns-authoritative-server-4-2-0-release-candidate-1-released/ )
>
> This release fixes an issue with security implications that has been recently reported in the HTTP remote backend of the PowerDNS Authoritative Server. Setups that are not using this backend are not impacted by this issue. More information can be found in the corresponding security advisory:



Hi,

    Firstly, again, thank you for powerdns.

    I have been testing around with this and used it as an excuse to
create an ansible playbook for deployment. Along the way, it seems that
something is broken regarding superslave - my prior 4.1.8 servers all
respected and used the superslave functionality but under 4.2.0rc1, that
appears to not work.

    On my hidden master I issue a notify. On the (super)slave, under
4.2.0rc1, I get this:

pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of hidden master>
pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of hidden master> for which we are not authoritative (Refused)

    Now, I remove 4.2.0 but leave the config files and the sqlite
database file as is, and then install 4.1.8. I initiate a notify from my
hidden master, and lo and behold:

Mar 29 15:20:05 offsite pdns_server[2177]: Received NOTIFY for somezone.com from <ipv6 of hidden master>  for which we are not authoritative
Mar 29 15:20:06 offsite pdns_server[2177]: Created new slave zone 'somezone.com from supermaster <ipv6 of hidden master>


      My pdns.conf file is:

allow-notify-from=<my hidden master>
cache-ttl=5
include-dir=/etc/powerdns/pdns.d
launch=
local-address=<slave ipv4>
local-ipv6=<slave ipv6>
local-ipv6-nonexist-fail=no
log-dns-details=no
log-dns-queries=no
master=no
query-local-address=<slave ipv4>
query-local-address6=<slave ipv6>
query-logging=yes
retrieval-threads=2
reuseport=yes
setgid=pdns
setuid=pdns
slave=yes


    Any ideas are welcome.


    Thank you.


Mike-


