On Mon, 20 Apr 2009 14:05:07 +0300 Julian Pawlowski <[email protected]> wrote:
> Hi,
>
> PowerDNS handles this automatically and allows transfers to all hosts
> which have a valid NS record for this domain.
>

Hmm...

For example:

mysql> select name, type, content from ns_records;
+--------------+------+-------------------------+
| name         | type | content                 |
+--------------+------+-------------------------+
| test.com     | SOA  | localhost [email protected] 1 |
| test.com     | NS   | ns1.test.com            |
| test.com     | NS   | ns2.test.com            |
| ns1.test.com | A    |                         |
| ns2.test.com | A    | 100.100.100.102         |
| test.com     | A    | 100.100.100.102         |
+--------------+------+-------------------------+

mysql> select name, type from ns_domains;
+----------+--------+
| name     | type   |
+----------+--------+
| test.com | MASTER |
+----------+--------+
1 row in set (0.00 sec)

When I try to do a lookup from a host with IP 192.168.0.215:

# dig @192.168.0.215 test.com AXFR +short
localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600
ns1.test.com.
ns2.test.com.
100.100.100.100
100.100.100.102
100.100.100.102
localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600

So, I can get a zone transfer from a not valid NS server.

There is a patch:
http://www.nabble.com/per-zone-acl-for-transfer--to10649886.html#a10649886

Does this patch work well?

--
Dmitry Banshchikov
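Added example (not part of the original message and not PowerDNS code): a small shell check that classifies `dig ... AXFR +short` output, so the test in the message above can be repeated after changing the transfer ACL. The function names and the `check_axfr` wrapper are hypothetical; the refusal sample is constructed.

```shell
#!/bin/sh
# A completed AXFR starts and ends with the same SOA record. In +short form
# the SOA has 7 fields: mname rname serial refresh retry expire minimum.

# axfr_status: reads `dig +short AXFR` output on stdin.
# Prints OPEN if a full transfer was served, CLOSED otherwise.
axfr_status() {
    awk '
        /^[[:space:]]*$/ || /^;/ { next }   # skip blank lines and dig comments
        {
            n++
            if (n == 1) { first = $0; nf = NF }
            last = $0
        }
        END {
            if (n >= 2 && nf == 7 && first == last)
                print "OPEN"
            else
                print "CLOSED"
        }'
}

# check_axfr SERVER ZONE (hypothetical wrapper): run it from a host that is
# not one of the zone's name servers. OPEN means the transfer ACL is too wide.
check_axfr() {
    dig "@$1" "$2" AXFR +short +time=5 +tries=1 | axfr_status
}

# Sample 1: the transfer output quoted in the message above.
SAMPLE_OPEN='localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600
ns1.test.com.
ns2.test.com.
100.100.100.100
100.100.100.102
100.100.100.102
localhost. ahu.ds9a.nl. 1 10800 3600 604800 3600'

# Sample 2 (constructed): what a refused transfer typically looks like.
SAMPLE_REFUSED='; Transfer failed.'
```

Usage: `check_axfr 192.168.0.215 test.com` prints OPEN or CLOSED for the server and zone from the message.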
