I submitted ticket: http://wiki.powerdns.com/trac/ticket/400
On Tue, Nov 1, 2011 at 2:19 AM, Peter van Dijk <peter.van.d...@netherlabs.nl> wrote: > Hello Mohamed, > > On Nov 1, 2011, at 4:31 , Mohamed Lrhazi wrote: > >> On Mon, Oct 31, 2011 at 11:20 AM, Peter van Dijk >> <peter.van.d...@netherlabs.nl> wrote: >>> >>> I have checked the relevant code, and the answer is: yes, one would not be >>> protected from content modification/injection. An attacker that can modify >>> TCP-streams between master and slave can inject records. >>> >>> Options to secure master/slave communication include: >>> - making sure the transfer happens over some kind of VPN (OpenSSH, IPSEC) >>> - using MySQL-replication (with SSL!) instead of AXFR >>> >> >> Does anyone know if there are plans to complete TSIG implementation in >> PowerDNS, in future versions? > > In theory, every thinkable improvement to PowerDNS is expected to come in the > future. In practice, we prioritize based on our own perception of what's > important, on what requests come by on the mailing list a lot, and, very > importantly, on what customers with paid support contracts are asking for. > > You should at least file a bug at http://wiki.powerdns.com/ to make sure we > don't forget this issue exists at all. > > Kind regards, > Peter van Dijk _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
