[nsd-users] Poison in AXFR transport from Windows Server DNS

Ondřej Surý ondrej at sury.org
Sun Nov 14 10:13:16 UTC 2010


Hi Richard,

I would guess that there would be an option on Microsoft DNS to not
inject those lines into the zone transfer, but if there is not, then
you can try to run it from cron using a script like this:

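#!/bin/bash
set -e
# ZONEFILE must point at the zone file to overwrite; abort early if it is unset
: "${ZONEFILE:?set ZONEFILE to the zone file path}"
# pull the full zone from the Windows primary
TMPFILE1=$(mktemp zone.XXXXXX)
dig IN AXFR @windows_primary zone > "$TMPFILE1"
# drop the lines that match the unwanted records
TMPFILE2=$(mktemp zone.XXXXXX)
< "$TMPFILE1" grep -v "remove_the_poison" > "$TMPFILE2"
cp "$TMPFILE2" "$ZONEFILE"
rndc reload
# temp files are retained if something goes wrong
rm -f "$TMPFILE1" "$TMPFILE2"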

Ondrej

On Fri, Nov 12, 2010 at 17:33, Richard Kuchar <r.kuchar at 1art.cz> wrote:
> Hi,
>
> more primary DNS servers. There's no problem using it with a BIND primary
> server. However, AXFR transfers from primary Windows Server 200(3|8) DNS
> servers include a poison A entry like:
>
> ; NSD version 2.3.7
> ; zone 'domain.tld.'   first transfer
> ; from 1.2.3.4 using AXFR at Fri Nov 12 17:18:53 2010
> ; NOT TSIG verified
> $ORIGIN tld.
> domain        3600    IN      SOA     ns.windows.tld.
> hostmaster.domain.tld. ( 73 900 600 86400 3600 )
>        3600    IN      NS      ns.windows.tld.
>        3600    IN      NS      ns2.nsd.tld.
>
> ...
>
> $ORIGIN windows.tld.
> ns      3600    IN      A       1.2.3.4
> $ORIGIN nsd.tld.
> ns2     3600    IN      A       10.20.30.40
> $ORIGIN domain.tld.
>
>
> That A entry in the transferred data causes a compile error in zonec.
> Both (zonec and nsd-xfer) are called by nsdc.
>
> Is there any solution to discard this poison entry on transfer?
>
> --
> Best Regards!
>
> Richard Kuchar
> 1st ART Studio s.r.o.
> Koněvova 1271/101
> Praha 3, 130 00



-- 
Ondřej Surý <ondrej at sury.org>
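
The grep pattern in the script above is a placeholder. One general way to decide what to drop, shown here as an added example that is not part of the original mail, is to keep only records whose owner name is the zone apex or a name below it. It assumes dig's default AXFR output (one record per line, fully qualified owner name in the first field); the function names filter_in_zone and sample_axfr and the sample records are constructed for illustration.

```shell
#!/bin/sh
# filter_in_zone ZONE: read dig AXFR output on stdin, print only records
# whose owner name is the zone apex or lies below it. Dropped records are
# reported on stderr so a cron job leaves a trace of what was removed.
filter_in_zone() {
    awk -v zone="$1" '
        BEGIN {
            zone = tolower(zone)
            if (zone !~ /\.$/) zone = zone "."   # make the apex absolute
            suffix = "." zone                    # leading dot = label boundary
        }
        /^[ \t]*(;|$)/ { next }                  # dig comments and blank lines
        {
            owner = tolower($1)                  # DNS names are case-insensitive
            n = length(owner) - length(suffix)
            if (owner == zone || (n > 0 && substr(owner, n + 1) == suffix))
                print
            else
                print "dropped out-of-zone record: " $0 > "/dev/stderr"
        }
    '
}

# Constructed sample, modelled on the transfer quoted in this thread.
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> IN AXFR @windows_primary domain.tld
domain.tld.      3600 IN SOA ns.windows.tld. hostmaster.domain.tld. 73 900 600 86400 3600
domain.tld.      3600 IN NS  ns.windows.tld.
domain.tld.      3600 IN NS  ns2.nsd.tld.
www.domain.tld.  3600 IN A   192.0.2.10
ns.windows.tld.  3600 IN A   1.2.3.4
ns2.nsd.tld.     3600 IN A   10.20.30.40
notdomain.tld.   3600 IN A   192.0.2.66
domain.tld.      3600 IN SOA ns.windows.tld. hostmaster.domain.tld. 73 900 600 86400 3600
EOF
}

# Demo: five in-zone records on stdout, three dropped records on stderr.
sample_axfr | filter_in_zone domain.tld
```

Matching on the suffix with its leading dot is what keeps notdomain.tld. from being mistaken for a name inside domain.tld.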



