Richard Kuchar
2010-Nov-12 16:33 UTC
[nsd-users] Poison in AXFR transport from Windows Server DNS
Hi,

more primary DNS servers. There's no problem using it with a BIND primary server. However, AXFR transfers from primary Windows Server 200(3|8) DNS servers include a poison A entry like:

; NSD version 2.3.7
; zone 'domain.tld.'  first transfer
; from 1.2.3.4 using AXFR at Fri Nov 12 17:18:53 2010
; NOT TSIG verified
$ORIGIN tld.
domain        3600    IN      SOA     ns.windows.tld. hostmaster.domain.tld. ( 73 900 600 86400 3600 )
              3600    IN      NS      ns.windows.tld.
              3600    IN      NS      ns2.nsd.tld.

...

$ORIGIN windows.tld.
ns            3600    IN      A       1.2.3.4
$ORIGIN nsd.tld.
ns2           3600    IN      A       10.20.30.40
$ORIGIN domain.tld.

That A entry in the transferred data causes a compile error in zonec. Both (zonec and nsd-xfer) are called by nsdc.

Is there any solution to discard this poison entry on transfer?

--
Best Regards!

Richard Kuchar
1st ART Studio s.r.o.
Koněvova 1271/101
Praha 3, 130 00
Ondřej Surý
2010-Nov-14 10:13 UTC
[nsd-users] Poison in AXFR transport from Windows Server DNS
Hi Richard,

I would guess that there would be an option on Microsoft DNS to not inject those lines into the zone transfer, but if there is not, then you can try to run it from a cron using a script like this:

#!/bin/bash
set -e
# Path of the zone file the name server reads (placeholder, set to your own)
ZONEFILE=/path/to/zonefile

TMPFILE1=$(mktemp zone.XXXXXX)
dig IN AXFR @windows_primary zone > "$TMPFILE1"
TMPFILE2=$(mktemp zone.XXXXXX)
# drop the poison lines before handing the zone to the server
< "$TMPFILE1" grep -v "remove_the_poison" > "$TMPFILE2"
cp "$TMPFILE2" "$ZONEFILE"
rndc reload
# temp files are retained if something goes wrong
rm -f "$TMPFILE1" "$TMPFILE2"

Ondrej

On Fri, Nov 12, 2010 at 17:33, Richard Kuchar <r.kuchar at 1art.cz> wrote:
> Hi,
>
> more primary DNS servers. There's no problem using it with a BIND primary
> server. However, AXFR transfers from primary Windows Server 200(3|8) DNS
> servers include a poison A entry like:
>
> ; NSD version 2.3.7
> ; zone 'domain.tld.'  first transfer
> ; from 1.2.3.4 using AXFR at Fri Nov 12 17:18:53 2010
> ; NOT TSIG verified
> $ORIGIN tld.
> domain        3600    IN      SOA     ns.windows.tld.
> hostmaster.domain.tld. ( 73 900 600 86400 3600 )
>               3600    IN      NS      ns.windows.tld.
>               3600    IN      NS      ns2.nsd.tld.
>
> ...
>
> $ORIGIN windows.tld.
> ns            3600    IN      A       1.2.3.4
> $ORIGIN nsd.tld.
> ns2           3600    IN      A       10.20.30.40
> $ORIGIN domain.tld.
>
>
> That A entry in the transferred data causes a compile error in zonec.
> Both (zonec and nsd-xfer) are called by nsdc.
>
> Is there any solution to discard this poison entry on transfer?
>
> --
> Best Regards!
>
> Richard Kuchar
> 1st ART Studio s.r.o.
> Koněvova 1271/101
> Praha 3, 130 00
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>

--
 Ondřej Surý <ondrej at sury.org>
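A more robust form of the filtering step in Ondřej's script, as an added example that is not part of the thread: rather than grepping for a fixed "poison" string, it drops every record whose owner name lies outside the zone being transferred, which is exactly what the out-of-zone glue A records in Richard's transfer are. It assumes the text format dig prints for an AXFR (fully qualified owner names, one record per line); SAMPLE_AXFR is constructed from the placeholder names in the thread.

```bash
#!/bin/bash
# Added example (not from the thread): keep only records whose owner name is
# the zone apex or a name below it. Anything else (e.g. the A records for
# ns.windows.tld. and ns2.nsd.tld. that break zonec) is reported on stderr.

# filter_in_zone ZONE < axfr.txt
# Comment lines (';') and blank lines pass through unchanged.
filter_in_zone() {
    zone="${1%.}."        # normalise the zone name to a trailing dot
    awk -v zone="$zone" '
        /^;/ || /^[[:space:]]*$/ { print; next }
        {
            owner = $1
            if (owner !~ /\.$/) owner = owner "."
            # in-zone if the owner is the apex or ends in "." zone
            if (owner == zone || substr(owner, length(owner) - length(zone)) == "." zone)
                print
            else
                printf(";; dropped out-of-zone record: %s\n", $0) > "/dev/stderr"
        }'
}

# Constructed sample resembling the transfer in the thread (names and
# addresses are the thread's placeholders, not real hosts).
SAMPLE_AXFR='; <<>> DiG <<>> @windows_primary domain.tld AXFR
domain.tld.        3600  IN  SOA  ns.windows.tld. hostmaster.domain.tld. 73 900 600 86400 3600
domain.tld.        3600  IN  NS   ns.windows.tld.
domain.tld.        3600  IN  NS   ns2.nsd.tld.
www.domain.tld.    3600  IN  A    192.0.2.10
ns.windows.tld.    3600  IN  A    1.2.3.4
ns2.nsd.tld.       3600  IN  A    10.20.30.40
domain.tld.        3600  IN  SOA  ns.windows.tld. hostmaster.domain.tld. 73 900 600 86400 3600'

# Number of record lines (comments excluded) that survive the filter.
count_kept() {
    printf '%s\n' "$SAMPLE_AXFR" | filter_in_zone "$1" 2>/dev/null | grep -vc '^;'
}

# Usage in Ondřej's pipeline: dig @windows_primary domain.tld AXFR | filter_in_zone domain.tld > "$ZONEFILE"
```

The dropped records are logged to stderr so a cron job's mail shows what was removed from each transfer.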