From: bert hubert Date: Wed, 22 Oct 2014 18:54:40 +0000 (+0200) Subject: add our security zone, plus update documentation X-Git-Tag: rec-3.7.0-rc1~191 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=550328f17fa82f05ef1dc9f1006e6c00883f8afe;p=thirdparty%2Fpdns.git add our security zone, plus update documentation --- diff --git a/pdns/docs/secpoll.zone b/pdns/docs/secpoll.zone new file mode 100644 index 0000000000..923a9c478c --- /dev/null +++ b/pdns/docs/secpoll.zone @@ -0,0 +1,8 @@ +@ 86400 IN SOA powerdnssec1.ds9a.nl. ahu.ds9a.nl. 1343746995 10800 3600 604800 10800 +@ 3600 IN NS powerdnssec1.ds9a.nl. +@ 3600 IN NS powerdnssec2.ds9a.nl. +auth-3.4.0.security-status 60 IN TXT "1 OK" +recursor-3.6.0.security-status 60 IN TXT "3 Upgrade now, see http://doc.powerdns.com/html/powerdns-advisory-2014-01.html" +recursor-3.6.1.security-status 60 IN TXT "1 OK" + + diff --git a/pdns/docs/security-poll.md b/pdns/docs/security-poll.md index 8e83aab78f..c5e63c2f08 100644 --- a/pdns/docs/security-poll.md +++ b/pdns/docs/security-poll.md @@ -47,7 +47,7 @@ insecure to be secure in reality. To solve this issue, PowerDNS can be compiled with a distribution setting which will move the security polls from: 'auth-x.y.z.security-status.secpoll.powerdns.com' to -'auth-x.y.z-n.security-status.debian.secpoll.powerdns.com +'auth-x.y.z-n.debian.security-status.secpoll.powerdns.com Note two things, one, there is a separate namespace for debian, and secondly, we use the package version of this release. This allows us to know @@ -58,10 +58,10 @@ The configuration setting 'security-poll-suffix' is by default set to 'secpoll.powerdns.com'. If empty, nothing is polled. This can be moved to 'secpoll.yourorganization.com'. -If compiled with DISTRIBUTION=dist PACKAGEVERSION=3.1.6-abcde, queries will be sent to -"auth-3.1.6-abcde.dist.security-poll-suffix". +If compiled with PACKAGEVERSION=3.1.6-abcde.debian, queries will be sent to +"auth-3.1.6-abcde.debian.security-status.security-poll-suffix". ## Delegation If a distribution wants to host its own file with version information, we -can delegate dist.secpoll.powerdns.com to their nameservers directly. +can delegate dist.security-status.secpoll.powerdns.com to their nameservers directly.