Hi Marcin, Depending on your application, the allow-axfr-ips option might be useful to fence this off.
Brendan On Fri, Oct 11, 2013 at 7:08 AM, Marcin Deranek <[email protected]>wrote: > Hi, > > So far we've been using PowerDNS solely for dynamic DNS resolution > using PipeBackend only, so we had "disable-axfr=yes" in PowerDNS > configuration as there was no need to provide zone transfers. > Currently I'm trying to add static DNS resolution to the very same > instance (using Bind backend) which requires enabling zone transfers, > but I struggle to disable them only for PipeBackend while enabling them > for Bind backend. > > So far the "cleanest" approach (or the most compatible with > "disable-axfr=yes" setting we had before) I came up with is to return > nothing on AXFR or SOA query when remote-ip-address=='0.0.0.0' (this is > SOA query which precedes AXFR). > Filtering out query type in pipe-regex has the problem with SOA query > which precedes AXFR especially when you want to support SOA queries. > Does anybody has a better idea ? > Thanx in advance. > > Marcin Deranek > > _______________________________________________ > Pdns-users mailing list > [email protected] > http://mailman.powerdns.com/mailman/listinfo/pdns-users >
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
