Kenneth Marshall wrote:
> As you have found out, PowerDNS trusts its backend data completely and
> expects it to be correct. You need to fix your zones and put mechanisms
> in place to prevent the entry of bad data at all -- speaking as someone
> who had their instance brought to its I/O knees by attempted zone transfers
> of bad data. I would like nicer behavior, but assuming good data allows for
> streamlined processing and much higher performance than assuming bad data.
> In fact, by that reasoning PDNS should stop serving zones once incorrect
> data is found. I think the current behavior is better than not serving
> the data at all. My two cents.
> Ken

While I agree in general it's OK to trust backends, when PowerDNS is in
'slave' mode this is riskier. Now you have to 100% trust all your backends,
your network connection and some other software on another server.
In my case PowerDNS already detects the bad data, it just forgets to
clean up the co-processes. Maybe slave mode isn't PowerDNS's most
advisable/supported feature, but it seems to me it still should handle
error cases gracefully.
_______________________________________________
Pdns-users mailing list
http://mailman.powerdns.com/mailman/listinfo/pdns-users