PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0

AXFR from tinydnsbackend does not respect location specifiers #12083

Open rcalpha opened 2 years ago

rcalpha commented 2 years ago

Records that have a client location are not being listed in an AXFR transfer.

However, the missing records are resolved successfully using a query, with the expected result in both cases, inside and outside the client location. The issue is in AXFR only, not the query.

To reproduce the issue, I used DJBDNS to make an AXFR as a control test. I compared it with the AXFR using PowerDNS with the tinyDNS backend, and PowerDNS has missing entries. Both use the same data.cdb file with entries that use the client location field.


PowerDNS: 4.5.3-1
backend: tinyDNS
DNSSEC: no
OS: Ubuntu server 22.04.1

Habbie commented 2 years ago

Does the AXFR become correct if you set tinydns-locations=no?

Habbie commented 1 year ago

The docs for tinydns-locations currently say:

> Enable or Disable location support in the backend. Changing the value to ‘no’ will make the backend ignore the locations. This then returns all records. When the setting is changed to ‘no’ an AXFR will also return all the records. With the setting on ‘yes’ an AXFR will only return records without a location.

So, it looks like the current behaviour is correct in the sense that it matches the documentation.

Because of the way things are designed inside PowerDNS, making AXFR actually location aware is not easy right now.

I'm open to changing the behaviour so that tinydns-locations=yes also returns all records, or perhaps adding a third value to this option that would allow the AXFR behaviour to be specified independently of normal query behaviour.

rcalpha commented 1 year ago

Sorry for the delay, quite busy.

About the questions:

> Does the AXFR become correct if you set tinydns-locations=no?

No, it lists all records, ignoring the location of the client.

> Because of the way things are designed inside PowerDNS, making AXFR actually location aware is not easy right now.

I understand

I use AXFR to validate the results of DNS entries with a location, to compare the inside and outside views. To do the test, I use axfrdns from djbdns/dbndns.

I'm currently finding a migration path away from dbndns/djbdns because there is an issue in Ubuntu 22.04, which includes the packages again. Even compiling it myself for Ubuntu 22.04 has the same issue. In Ubuntu 20.04 the version recompiled by me works. dbndns/djbdns is not included in Ubuntu 18.04 and 20.04.

Habbie commented 1 year ago

Right. I guess you'll have to dig individual records to test, instead.
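
The AXFR behaviour quoted from the tinydns-locations documentation, modelled as an added example (not part of the thread and not PowerDNS code): it parses tinydns-data source lines rather than data.cdb and lists the located names that an AXFR with tinydns-locations=yes omits, which are the ones left to check with individual queries. The sample zone data and all function names are constructed for illustration.

```python
# Added example: models the documented tinydns-locations AXFR behaviour on
# tinydns-data source text. Assumption: the plain data file is available.

# Index of the "lo" (location) field per record type, counted in
# colon-separated fields after the leading type character.
LOC_FIELD = {"+": 4, "=": 4, "'": 4, "^": 4, "C": 4,
             ".": 5, "&": 5, ":": 5, "@": 6, "Z": 10}

SAMPLE = """\
# constructed sample data, not taken from the issue
%in:192.168
%ex
.example.com:192.0.2.53:a:259200
+www.example.com:192.168.0.10:300::in
+www.example.com:203.0.113.10:300::ex
+mail.example.com:203.0.113.25:300
=intranet.example.com:192.168.0.20:300::in
"""

def parse(data):
    """Return (locations, records); each record is (type, fqdn, lo, raw_line)."""
    locations, records = {}, []
    for line in data.splitlines():
        line = line.strip()
        if not line or line[0] in "#-":          # comment or disabled line
            continue
        kind, fields = line[0], line[1:].split(":")
        if kind == "%":                          # %lo:ipprefix defines a location
            prefix = fields[1] if len(fields) > 1 else ""
            locations.setdefault(fields[0], []).append(prefix)
        elif kind in LOC_FIELD:
            idx = LOC_FIELD[kind]
            lo = fields[idx] if len(fields) > idx else ""
            records.append((kind, fields[0].lower(), lo, line))
    return locations, records

def axfr_view(records, locations_enabled):
    """Records an AXFR returns according to the tinydns-locations documentation."""
    if not locations_enabled:                    # 'no': every record, any location
        return list(records)
    return [r for r in records if not r[2]]      # 'yes': only records without one

def names_to_query_individually(records):
    """Located names absent from AXFR with tinydns-locations=yes, per location."""
    out = {}
    for _kind, fqdn, lo, _raw in records:
        if lo:
            out.setdefault(lo, set()).add(fqdn)
    return {lo: sorted(names) for lo, names in out.items()}
```

Comparing the length of `axfr_view(records, False)` against `axfr_view(records, True)` also shows how many location-restricted records a transfer exposes to any permitted AXFR client when the setting is ‘no’.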