On 09/14/2010 08:35 AM, Francis Ramírez Verdugo wrote: > Ok. So, as far as I understand, 'supermaster' table is another 'turn of > the screw' in terms of security that powerDNS provides. > We could have a slave name server and define a master in our 'domains' > table but, unless we insert that master in the 'supermasters' table, all > notifications and changes from that master will be banned, right?
No, all that a "supermaster" can do is, instead of the administrator of the "superslave" host needing to explicitly provision each DNS zone that the "superslave" is to host for the "supermaster", the "supermaster" can simply send a NOTIFY message for a new zone, and if (a) it comes from the authorized IP, and (b) the name indicated is listed in an NS record in the zone, the zone will be automatically provisioned in the "domains" table. This allows for a simpler way to manage DNS replication; my company uses it to allow customers who wish to run their own DNS to slave zones to us en-masse and add zones on demand, instead of us having to go and add them manually. -- Derrik Pates [email protected] _______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
