530700 – net-dns/pdns-3.4.0 doesn't honour SOA-EDIT during empty IXFR fallback

Bug 530700 - net-dns/pdns-3.4.0 doesn't honour SOA-EDIT during empty IXFR fallback

Summary: net-dns/pdns-3.4.0 doesn't honour SOA-EDIT during empty IXFR fallback

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Wegener

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-26 01:09 UTC by James Taylor
Modified:	2014-12-26 07:14 UTC (History)
CC List:	0 users

See Also:	https://github.com/PowerDNS/pdns/issues/1835
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description James Taylor 2014-11-26 01:09:57 UTC

net-dns/pdns-3.4.0 doesn't honour SOA-EDIT during empty IXFR fallback, causing slaves to go out of sync, and in the case of DNSSEC, serving stale RRSIGS resulting in Denial of Service

This issue is fixed in the 3.4.1 release of PowerDNS, especially with this issue: https://github.com/PowerDNS/pdns/issues/1835

Expected results: Slaves would attempt an AXFR of the zone and remain in sync with the master

Actual results: Slaves don't AXFR the zone, and remain serving stale records

Comment 1 James Taylor 2014-12-26 07:14:51 UTC

Closing due to pdns-3.4.1 being merged into the portage tree