Allow AXFR NOTIFY from these IP ranges. Setting this to an empty string
will drop all incoming notifies.
+.. _setting-allow-unsigned-autoprimary:
+
+``allow-unsigned-autoprimary``
+------------------------------
+
+.. versionchanged:: 4.5.0
+ This was called :ref:`setting-allow-unsigned-supermaster` before 4.5.0.
+
+- Boolean
+- Default: yes
+
+Turning this off requires all autoprimary notifications to be signed by
+valid TSIG signature. It will accept any existing key on slave.
+
.. _setting-allow-unsigned-notify:
``allow-unsigned-notify``
``allow-unsigned-supermaster``
------------------------------
-- Boolean
-- Default: yes
-
-Turning this off requires all supermaster notifications to be signed by
-valid TSIG signature. It will accept any existing key on slave.
+.. deprecated:: 4.5.0
+ Renamed to :ref:`setting-allow-unsigned-autoprimary`.
.. _setting-also-notify:
::arg().setSwitch("send-signed-notify","Send TSIG secured NOTIFY if TSIG key is configured for a domain")="yes";
::arg().set("allow-unsigned-notify","Allow unsigned notifications for TSIG secured domains")="yes"; //FIXME: change to 'no' later
::arg().set("allow-unsigned-supermaster", "Allow supermasters to create zones without TSIG signed NOTIFY")="yes";
+ ::arg().set("allow-unsigned-autoprimary", "Allow autoprimaries to create zones without TSIG signed NOTIFY")="yes";
::arg().setSwitch("forward-dnsupdate","A global setting to allow DNS update packages that are for a Slave domain, to be forwarded to the master.")="yes";
::arg().setSwitch("log-dns-details","If PDNS should log DNS non-erroneous details")="no";
::arg().setSwitch("log-dns-queries","If PDNS should log all incoming DNS queries")="no";
string nameserver, account;
DNSBackend *db;
- if (!::arg().mustDo("allow-unsigned-supermaster") && tsigkeyname.empty()) {
+ if (!::arg().mustDo("allow-unsigned-autoprimary") && tsigkeyname.empty()) {
g_log<<Logger::Error<<"Received unsigned NOTIFY for "<<p.qdomain<<" from potential supermaster "<<remote<<". Refusing."<<endl;
return RCode::Refused;
}
if (::arg().mustDo("slave")) ::arg().set("secondary")="yes";
if (::arg().mustDo("slave-renotify")) ::arg().set("secondary-do-renotify")="yes";
if (::arg().mustDo("superslave")) ::arg().set("autosecondary")="yes";
+ if (::arg().mustDo("allow-unsigned-supermaster")) ::arg().set("allow-unsigned-autoprimary")="yes";
// this mirroring back is on purpose, so that config dumps reflect the actual setting on both names
if (::arg().mustDo("primary")) ::arg().set("master")="yes";
if (::arg().mustDo("secondary")) ::arg().set("slave")="yes";
if (::arg().mustDo("secondary-do-renotify")) ::arg().set("slave-renotify")="yes";
if (::arg().mustDo("autosecondary")) ::arg().set("superslave")="yes";
+ if (::arg().mustDo("allow-unsigned-autoprimary")) ::arg().set("allow-unsigned-supermaster")="yes";
g_log.setLoglevel((Logger::Urgency)(::arg().asNum("loglevel")));
g_log.disableSyslog(::arg().mustDo("disable-syslog"));
projects / thirdparty / pdns.git / commitdiff
