From: bert hubert Date: Tue, 7 Jun 2016 11:29:40 +0000 (+0200) Subject: ixfr documentation X-Git-Tag: rec-4.0.0-rc1~4^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F3949%2Fhead;p=thirdparty%2Fpdns.git ixfr documentation --- diff --git a/docs/markdown/authoritative/domainmetadata.md b/docs/markdown/authoritative/domainmetadata.md index 234d938b78..5403fd3640 100644 --- a/docs/markdown/authoritative/domainmetadata.md +++ b/docs/markdown/authoritative/domainmetadata.md @@ -25,7 +25,7 @@ insert into domainmetadata (domain_id, kind, content) values (7,'ALLOW-AXFR-FROM To dissallow all IP's, except those explicitly allowed by domainmetadata records, add `allow-axfr-ips=` to `pdns.conf`. ## AXFR-SOURCE -The IP address to use as a source address for sending AXFR requests. +The IP address to use as a source address for sending AXFR and IXFR requests. ## ALLOW-DNSUPDATE-FROM, TSIG-ALLOW-DNSUPDATE, FORWARD-DNSUPDATE, SOA-EDIT-DNSUPDATE See the documentation on [Dynamic DNS update](dnsupdate.md) @@ -45,6 +45,9 @@ Allow this GSS principal to perform AXFR retrieval. Most commonly it is ## GSS-ACCEPTOR-PRINCIPAL Use this principal for accepting GSS context. (See [GSS-TSIG support](tsig.md#gss-tsig-support)). +## IXFR +If set to 1, attempt IXFR when retrieving zone updates. Otherwise IXFR is not attempted. + ## LUA-AXFR-SCRIPT Script to be used to edit incoming AXFRs, see [Modifying a slave zone using a script](modes-of-operation.md#modifying-a-slave-zone-using-a-script). diff --git a/docs/markdown/authoritative/modes-of-operation.md b/docs/markdown/authoritative/modes-of-operation.md index f2d13cc2bd..a38fca24a3 100644 --- a/docs/markdown/authoritative/modes-of-operation.md +++ b/docs/markdown/authoritative/modes-of-operation.md @@ -85,7 +85,26 @@ PowerDNS supports multiple masters. For the BIND backend, the native BIND configuration language suffices to specify multiple masters, for SQL based backends, list all master servers separated by commas in the 'master' field of the domains table. -Since version 4.0.0, PowerDNS requires that masters sign their notifications. During transition and interoperation with other nameservers, you can use options **allow-unsigned-notify** to permit unsigned notifications. For 4.0.0 this is turned off by default, but it might be turned on permanently in future releases. +Since version 4.0.0, PowerDNS requires that masters sign their +notifications. During transition and interoperation with other nameservers, +you can use options **allow-unsigned-notify** to permit unsigned +notifications. For 4.0.0 this is turned off by default, but it might be +turned on permanently in future releases. + +## IXFR: incremental zone transfers +If the 'IXFR' zone metadata item is set to 1 for a zone, PowerDNS will attempt to retrieve +zone updates via IXFR. + +As of 4.0.0, if a slave zone changes from non-DNSSEC to DNSSEC, an IXFR +update will not set the PRESIGNED flag. In addition, a change in NSEC3 mode +will also not be picked up. + +In such cases, make sure to delete the zone contents to force a fresh retrieval. + +Finally, IXFR updates that "plug" Empty Non Terminals do not yet remove ENT +records. A 'pdnsutil rectify-zone' may be required. + +PowerDNS itself is currently only able to retrieve updates via IXFR. It can not serve IXFR updates. ## Supermaster: automatic provisioning of slaves PowerDNS can recognize so called 'supermasters'. A supermaster is a host which is