[nsd-users] Poison in AXFR transport from Windows Server DNS
Ondřej Surý
ondrej at sury.org
Sun Nov 14 10:13:16 UTC 2010
Hi Richard,
I would guess that there would be an option on Microsoft DNS to not
inject those lines into the zone transfer, but if there is not, then
you can try to run it from a cron using script like this:
#!/bin/bash
set -e
TMPFILE1=$(mktemp zone.XXXXXX)
dig IN AXFR @windows_primary zone > $TMPFILE1
TMPFILE2=$(mktemp zone.XXXXXX)
< $TMPFILE1 grep -v "remove_the_poison" > $TMPFILE2
cp $TMPFILE2 $ZONEFILE
rndc reload
# temp files are retained if something goes wrong
rm -f $TMPFILE1 $TMPFILE2
Ondrej
On Fri, Nov 12, 2010 at 17:33, Richard Kuchar <r.kuchar at 1art.cz> wrote:
> Hi,
>
> more primary DNS servers. Thers no problem using it with BIND primary
> server. However AXFR transfer from primary Windows Server 200(3|8) DNS
> servers include poison A entry like:
>
> ; NSD version 2.3.7
> ; zone 'domain.tld.' first transfer
> ; from 1.2.3.4 using AXFR at Fri Nov 12 17:18:53 2010
> ; NOT TSIG verified
> $ORIGIN tld.
> domain 3600 IN SOA ns.windows.tld.
> hostmaster.domain.tld. ( 73 900 600 86400 3600 )
> 3600 IN NS ns.windows.tld.
> 3600 IN NS ns2.nsd.tld.
>
> ...
>
> $ORIGIN windows.tld.
> ns 3600 IN A 1.2.3.4
> $ORIGIN nsd.tld.
> ns2 3600 IN A 10.20.30.40
> $ORIGIN domain.tld.
>
>
> That A entry in transfered data cause compile error in zonec.
> Both (zonec and nsd-xfer) are called by nsdc.
>
> Is there any solution to discard this poison entry on transfer?
>
> --
> Best Regards!
>
> Richar Kuchar
> 1st ART Studio s.r.o.
> Koněvova 1271/101
> Praha 3, 130 00
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>
--
Ondřej Surý <ondrej at sury.org>
More information about the nsd-users
mailing list