On Fri, Mar 29, 2019 at 12:22:48PM -0700, mike+li...@yourtownonline.com wrote:

> On 3/19/19 8:41 AM, Erik Winkels via Pdns-users wrote:
> > Hi all,
> >
> > (Via: https://blog.powerdns.com/2019/03/19/powerdns-authoritative-server-4-2-0-release-candidate-1-released/ )
> >
> > This release fixes an issue with security implications that has been 
> > recently reported in the HTTP remote backend of the PowerDNS Authoritative 
> > Server. Setups that are not using this backend are not impacted by this 
> > issue. More information can be found in the corresponding security advisory:
> 
> 
> 
> Hi,
> 
>     Firstly, again, thank you for powerdns.
> 
>     I have been testing around with this and used it as an excuse to
> create an ansible playbook for deployment. Along the way, it seems that
> something is broken regarding superslave - my prior 4.1.8 servers all
> respected and used the superslave functionality but under 4.2.0rc1, that
> appears to not work.
> 
>     On my hidden master I issue a notify. On the (super)slave, under
> 4.2.0rc1, I get this:
> 
> pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of
> hidden master>
> pdns_server[31701]: Received NOTIFY for somezone.com from <ipv4 of
> hidden master> for which we are not authoritative (Refused)
> 
>     Now, I remove 4.2.0 but leave the config files and the sqlite
> database file as is, and then install 4.1.8. I initiate a notify from my
> hidden master, and lo and behold:
> 
> Mar 29 15:20:05 offsite pdns_server[2177]: Received NOTIFY for
> somezone.com from <ipv6 of hidden master>  for which we are not
> authoritative
> Mar 29 15:20:06 offsite pdns_server[2177]: Created new slave zone
> 'somezone.com from supermaster <ipv6 of hidden master>
> 
> 
>       My pdns.conf file is:
> 
> allow-notify-from=<my hidden master>
> cache-ttl=5
> include-dir=/etc/powerdns/pdns.d
> launch=
> local-address=<slave ipv4>
> local-ipv6=<slave ipv6>
> local-ipv6-nonexist-fail=no
> log-dns-details=no
> log-dns-queries=no
> master=no
> query-local-address=<slave ipv4>
> query-local-address6=<slave ipv6>
> query-logging=yes
> retrieval-threads=2
> reuseport=yes
> setgid=pdns
> setuid=pdns
> slave=yes
> 
> 
>     Any ideas are welcome.

See https://doc.powerdns.com/authoritative/settings.html#setting-supermaster

It's a new setting in 4.2.

        -Otto

> 
> 
>     Thank you.
> 
> 
> Mike-
> 
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users