[Pdns-users] PowerDNS Authoritative Server 4.2.0 Release Candidate 1 Released
Otto Moerbeek
otto at drijf.net
Fri Mar 29 19:28:14 UTC 2019
hOn Fri, Mar 29, 2019 at 12:22:48PM -0700, mike+lists at yourtownonline.com wrote:
> On 3/19/19 8:41 AM, Erik Winkels via Pdns-users wrote:
> > Hi all,
> >
> > (Via: https://blog.powerdns.com/2019/03/19/powerdns-authoritative-server-4-2-0-release-candidate-1-released/ )
> >
> > This release fixes an issue with security implications that has been recently reported in the HTTP remote backend of the PowerDNS Authoritative Server. Setups that are not using this backend are not impacted by this issue. More information can be found in the corresponding security advisory:
>
>
>
> Hi,
>
> Firstly, again, thank you for powerdns.
>
> I have been testing around with this and used it as an excuse to
> create an ansible playbook for deployment. Along the way, it seems that
> something is broken regarding superslave - my prior 4.1.8 servers all
> respected and uses the superslave functionality but under 4.2.0rc1, that
> appears to not work.
>
> On my hidden master I issue a notify. On the (super)slave, under
> 4.2.0rc1, I get this:
>
> pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of
> hidden master>
> pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of
> hidden master> for which we are not authoritative (Refused)
>
> Now, I remove 4.2.0 but leave the config files and the sqlite
> database file as is, and then install 4.1.8. I initiate a notify from my
> hidden master, and lo and behold:
>
> Mar 29 15:20:05 offsite pdns_server[2177]: Received NOTIFY for
> somezone.com from <ipv6 of hidden master> for which we are not
> authoritative
> Mar 29 15:20:06 offsite pdns_server[2177]: Created new slave zone
> 'somezone.com from supermaster <ipv6 of hidden master>
>
>
> My pdns.conf file is:
>
> allow-notify-from=<my hidden master>
> cache-ttl=5
> include-dir=/etc/powerdns/pdns.d
> launch=
> local-address=<slave ipv4>
> local-ipv6=<slave ipv6>
> local-ipv6-nonexist-fail=no
> log-dns-details=no
> log-dns-queries=no
> master=no
> query-local-address=<slave ipv4>
> query-local-address6=<slave ipv6>
> query-logging=yes
> retrieval-threads=2
> reuseport=yes
> setgid=pdns
> setuid=pdns
> slave=yes
>
>
> Any ideas are welcome.
See https://doc.powerdns.com/authoritative/settings.html#setting-supermaster
It's a new setting in 4.2.
-Otto
>
>
> Thank you.
>
>
> Mike-
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list