From: bert hubert Date: Thu, 30 Oct 2014 09:19:55 +0000 (+0100) Subject: document security polling feature X-Git-Tag: rec-3.7.0-rc1~182 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ae533a19e612277cf5fe93806cba059a2cdc5eb7;p=thirdparty%2Fpdns.git document security polling feature --- diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index bfce6f117f..65788b6b07 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -12967,6 +12967,30 @@ local0.err /var/log/pdns.err + Security polling + + As of Authoritative Server 3.4.1 and Recursor 3.6.2, PowerDNS products can poll the security status + of their respective versions. This polling, naturally, happens over DNS. If the result is that a given + version has a security problem, the software will report this at level 'Error' during startup, and + repeatedly during operations. + + + By default, security polling happens on the domain 'secpoll.powerdns.com', but this can be changed with the + security-poll-suffix. If this setting is made empty, no polling will take place. Organizations + wanting to host their own security zones can do so by changing this setting to a domain name under their control. + + + To make this easier, the zone used to host secpoll.powerdns.com is available here. + + + To enable distributors of PowerDNS to signal that they have backported versions, the PACKAGEVERSION compilation-time + macro can be used to set a distributor suffix. + + + Further implementation detail on this feature can be found here. Furthermore, there is a post about it on our blog. + + + Considerations In general, make sure that the PDNS process is unable to execute commands on your backend database.
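Review bot: the new "Security polling" section tells operators that polling "happens over DNS" and that a vulnerable version is logged "repeatedly during operations", but it never says which query name is sent or how often the poll repeats; both matter to the audience this section addresses, since an organization that sets security-poll-suffix to "a domain name under their control" has to publish records under the name the software will actually ask for, and an operator watching outbound DNS needs to know what this traffic looks like. Suggest stating the query format (how the version, and the PACKAGEVERSION distributor suffix, are combined with the suffix) and the poll interval directly here instead of only deferring to "Further implementation detail on this feature can be found here", and making explicit in the security-poll-suffix sentence that the setting is read from the normal configuration file, so that "If this setting is made empty, no polling will take place" is unambiguous for packagers.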