[Pdns-users] Masked URL Forwarding in PDNS
Is there any way to setup a masked forward using PDNS? I have had a couple of clients ask for this. thanks -d ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PDNS + MySQL results not un-escaped?
On Wed, 06 Jan 2010 21:56:08 you wrote: Hi Michael When I enter a DKIM or Domain Keys record, which requires use of ';', the records on the secondary name server have this character escaped with '\', as to be expected. As this character has a special meaning in MySQL I would think the simple answer would be to unescape it prior to returning the RR. This is a common misunderstanding of web developers that escaping in MySQL is done by adding backslashes. Instead, escaping is done by calling mysql_real_escape(), which prepares the string to be save when storing it to the database but when fetching the string again, it will be the same as before calling mysql_real_escape(). Therefore, if a web application adds backslashes it corrupts the record and this has to be considered as bug of the web application. Ok, so is there any downside to adding an unescape to the code and could this be done by the programmers? I didn't write the web based SQL admin... I use the proper MySQL function in my own code, but I am not rewriting the web based admin... ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor (all versions up to and including 3.1.7.1). Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these vulnerabilities, ALL PowerDNS RECURSOR USERS ARE URGED TO UPGRADE AT THEIR EARLIEST CONVENIENCE. No versions of the PowerDNS Authoritative Server are affected. PowerDNS Recursor 3.1.7.2 as been thoroughly tested, and has in fact been in production for a week at some major sites already. No problems have been reported. 3.1.7.2 does not include anything other than security updates. The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well as cache poisoning, connecting your users to possibly malicious IP addresses. These vulnerabilities were discovered by a third party that for now prefers not to be named. PowerDNS is however very grateful for their help. More details are available on: http://doc.powerdns.com/powerdns-advisory-2010-01.html http://doc.powerdns.com/powerdns-advisory-2010-02.html Debian, FreeBSD, Gentoo and SuSE are processing the changed packages, and will be releasing security updates shortly. Ubuntu does not provide security updates for PowerDNS, so Ubuntu users must take immediate action and download our packages. RHEL4/5, CentOS packages are available (care of Kees Monshouwer) here: http://www.monshouwer.eu/download/3th_party/pdns-recursor/ Updated packages for .deb based systems are available here: http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm Updated packages for .rpm based systems are available here: http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm Source code is available here: http://downloads.powerdns.com/releases/pdns-recursor-3.1.7.2.tar.bz2 If you need any help in upgrading, please do not hesitate to contact us. Kind regards, Bert Hubert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
The correct links to the .deb packages are: http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.7.2-1_i386.deb http://downloads.powerdns.com/releases/deb/pdns-recursor_3.1.7.2-1_amd64.deb Special 'upgrade option of last resort' (old systems) - In addition, as a special service, we are also providing two precompiled fully static Linux binaries as an 'upgrade option of last resort': http://downloads.powerdns.com/releases/pdns_recursor-3.1.7.2.amd64.static.executable http://downloads.powerdns.com/releases/pdns_recursor-3.1.7.2.i386.static.executable These two binaries are suitable of our .deb or .rpm files somehow refuse to load (which happens on RHEL version 3, for example). Download the appropriate executable, rename to pdns_recursor, set the executable bit (chmod a+x pdns_recursor), and 'mv' the executable over /usr/sbin/pdns_recursor. Bert On Wed, Jan 06, 2010 at 04:11:09PM +0100, bert hubert wrote: Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor (all versions up to and including 3.1.7.1). Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these vulnerabilities, ALL PowerDNS RECURSOR USERS ARE URGED TO UPGRADE AT THEIR EARLIEST CONVENIENCE. No versions of the PowerDNS Authoritative Server are affected. PowerDNS Recursor 3.1.7.2 as been thoroughly tested, and has in fact been in production for a week at some major sites already. No problems have been reported. 3.1.7.2 does not include anything other than security updates. The two major vulnerabilities can lead to a FULL SYSTEM COMPROMISE, as well as cache poisoning, connecting your users to possibly malicious IP addresses. These vulnerabilities were discovered by a third party that for now prefers not to be named. PowerDNS is however very grateful for their help. More details are available on: http://doc.powerdns.com/powerdns-advisory-2010-01.html http://doc.powerdns.com/powerdns-advisory-2010-02.html Debian, FreeBSD, Gentoo and SuSE are processing the changed packages, and will be releasing security updates shortly. Ubuntu does not provide security updates for PowerDNS, so Ubuntu users must take immediate action and download our packages. RHEL4/5, CentOS packages are available (care of Kees Monshouwer) here: http://www.monshouwer.eu/download/3th_party/pdns-recursor/ Updated packages for .deb based systems are available here: http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm Updated packages for .rpm based systems are available here: http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.i386.rpm http://downloads.powerdns.com/releases/rpm/pdns-recursor-3.1.7.2-1.x86_64.rpm Source code is available here: http://downloads.powerdns.com/releases/pdns-recursor-3.1.7.2.tar.bz2 If you need any help in upgrading, please do not hesitate to contact us. Kind regards, Bert Hubert ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Wilcard woes
Hello, I'm running PDNS 2.9.20 on a Debian box and a MySQL back end. I can't get wildcards to work. Here's an illustration of the problem: == mysql select * from domains where id=2; ++-++++-+-+ | id | name| master | last_check | type | notified_serial | account | ++-++++-+-+ | 2 | mcia.cc | NULL | NULL | NATIVE |NULL | NULL| ++-++++-+-+ mysql select name,type,content,ttl from records where domain_id=2; +-+--+--+--+ | name| type | content | ttl | +-+--+--+--+ | mcia.cc | A| 67.201.56.75 | 120 | | www.mcia.cc | A| 67.201.56.75 | 120 | | *.mcia.cc | A| 67.201.56.75 | 120 | +-+--+--+--+ 3 rows in set (0.01 sec) [...@vm1:/etc/powerdns]$ sudo grep wild pdns.conf # wildcard-url Process URL and MBOXFW records # wildcard-url=no # wildcards Honor wildcards in the database # wildcards= [...@vm1:~]$ host mcia.cc localhost Using domain server: Name: localhost Address: 127.0.0.1#53 Aliases: mcia.cc has address 67.201.56.75 [...@vm1:~]$ host foo.mcia.cc localhost Using domain server: Name: localhost Address: 127.0.0.1#53 Aliases: Host foo.mcia.cc not found: 2(SERVFAIL) == According to everything I've read, this should Just Work. But it doesn't. Any tips on how to fix this would be much appreciated. Thanks, rg ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] PDNS + MySQL results not un-escaped?
Most people have solved this issue awhile ago, but some people never upgrade or review documentation, so here is the things I would check. Sounds like this is php, so: Make sure magic_quotes_gpc is not on in php.ini, or by other means Make sure the php program isn't using add_slashes If it is using add_slashes, replace with mysql_real_escape_string Quoting Michael p...@nettrust.co.nz: On Wed, 06 Jan 2010 21:56:08 you wrote: Hi Michael When I enter a DKIM or Domain Keys record, which requires use of ';', the records on the secondary name server have this character escaped with '\', as to be expected. As this character has a special meaning in MySQL I would think the simple answer would be to unescape it prior to returning the RR. This is a common misunderstanding of web developers that escaping in MySQL is done by adding backslashes. Instead, escaping is done by calling mysql_real_escape(), which prepares the string to be save when storing it to the database but when fetching the string again, it will be the same as before calling mysql_real_escape(). Therefore, if a web application adds backslashes it corrupts the record and this has to be considered as bug of the web application. Ok, so is there any downside to adding an unescape to the code and could this be done by the programmers? I didn't write the web based SQL admin... I use the proper MySQL function in my own code, but I am not rewriting the web based admin... ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Wilcard woes
Some more info: I have wildcards=yes in my pdns.conf file. Here's the mysql query log for what should be a wildcard query: 100106 23:44:22 15 Query select content,ttl,prio,type,domain_id,name from records where name='foo.mcia.cc' 15 Query select content,ttl,prio,type,domain_id,name from records where type='SOA' and name='foo.mcia.cc' So apparently it's not even trying to find the wildcard record. Any help on this would be greatly appreciated. It's really important to me to get this to work. I'd even be willing to pay for someone's time if that's what it takes to get this fixed. Thanks, rg On Jan 6, 2010, at 10:15 AM, Ron Garret wrote: Hello, I'm running PDNS 2.9.20 on a Debian box and a MySQL back end. I can't get wildcards to work. Here's an illustration of the problem: == mysql select * from domains where id=2; ++-++++-+-+ | id | name| master | last_check | type | notified_serial | account | ++-++++-+-+ | 2 | mcia.cc | NULL | NULL | NATIVE |NULL | NULL| ++-++++-+-+ mysql select name,type,content,ttl from records where domain_id=2; +-+--+--+--+ | name| type | content | ttl | +-+--+--+--+ | mcia.cc | A| 67.201.56.75 | 120 | | www.mcia.cc | A| 67.201.56.75 | 120 | | *.mcia.cc | A| 67.201.56.75 | 120 | +-+--+--+--+ 3 rows in set (0.01 sec) [...@vm1:/etc/powerdns]$ sudo grep wild pdns.conf # wildcard-urlProcess URL and MBOXFW records # wildcard-url=no # wildcards Honor wildcards in the database # wildcards= [...@vm1:~]$ host mcia.cc localhost Using domain server: Name: localhost Address: 127.0.0.1#53 Aliases: mcia.cc has address 67.201.56.75 [...@vm1:~]$ host foo.mcia.cc localhost Using domain server: Name: localhost Address: 127.0.0.1#53 Aliases: Host foo.mcia.cc not found: 2(SERVFAIL) == According to everything I've read, this should Just Work. But it doesn't. Any tips on how to fix this would be much appreciated. Thanks, rg ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users