[Pdns-users] Postfix as master+slave. How to prevent supermasters from being able to create subzones for NATIVE domains?

frank+pdns at tembo.be frank+pdns at tembo.be
Thu May 23 08:33:33 UTC 2019



> On 23 May 2019, at 10:20, sandermoors at telenet.be wrote:
> 
> Hi Frank,
> 
> Intercepting the NOTIFYs with a script sounds like a good idea but can this be done with PowerDNS?
> Or do you mean writing a custom script that acts as a notify proxy/filter?
> 

Yes, use a separate notify proxy/filter. There are multiple scripts that you can use as a base for this, e.g.: https://fanf.livejournal.com/134988.html (or use GitHub to search for DNS NOTIFY once GitHub is back up).

You could probably construct a MySQL trigger that handles everything btw. Create a before insert trigger on the domains table, check if the new record is of type slave. If so, split it into parts, and for each part, check if that domain already exists as a native domain. If so: drop the insert.

Regards,

Frank
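
The trigger idea described in the message above, written out as an added example (not part of the original post and not PowerDNS project code). It assumes the stock gmysql schema with a `domains` table holding `name` and `type` columns, MySQL 5.5 or later for `SIGNAL`, and uses a hypothetical trigger name; the insert is dropped by raising an error.

```sql
-- Added example: reject a SLAVE zone whose name is at or below an existing
-- NATIVE zone. Assumes the stock PowerDNS gmysql `domains` table.
DELIMITER //

CREATE TRIGGER domains_block_slave_under_native   -- hypothetical name
BEFORE INSERT ON domains
FOR EACH ROW
BEGIN
  DECLARE candidate VARCHAR(255);
  DECLARE hits INT DEFAULT 0;

  IF UPPER(NEW.type) = 'SLAVE' THEN
    -- Normalise the same way zone names are stored: lowercase, no trailing dot.
    SET candidate = LOWER(TRIM(TRAILING '.' FROM NEW.name));

    -- Walk up the tree one label at a time:
    -- a.b.example.com -> b.example.com -> example.com -> com
    walk: LOOP
      SELECT COUNT(*) INTO hits
        FROM domains
       WHERE name = candidate
         AND UPPER(type) = 'NATIVE';

      IF hits > 0 THEN
        -- Raising an error in a BEFORE INSERT trigger aborts the insert.
        SIGNAL SQLSTATE '45000'
          SET MESSAGE_TEXT = 'slave zone rejected: name is at or below a NATIVE zone';
      END IF;

      IF LOCATE('.', candidate) = 0 THEN
        LEAVE walk;                       -- last label checked, nothing matched
      END IF;
      SET candidate = SUBSTRING(candidate, LOCATE('.', candidate) + 1);
    END LOOP walk;
  END IF;
END//

DELIMITER ;

-- Constructed check (example.com and 192.0.2.1 are placeholders):
--   INSERT INTO domains (name, type) VALUES ('example.com', 'NATIVE');
--     -> accepted
--   INSERT INTO domains (name, master, type)
--     VALUES ('sub.example.com', '192.0.2.1', 'SLAVE');
--     -> fails with SQLSTATE 45000, no row is created
```

The trigger only covers rows entering `domains` through an INSERT; a zone whose `type` is later changed with an UPDATE would need a matching BEFORE UPDATE trigger.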
