From ae533a19e612277cf5fe93806cba059a2cdc5eb7 Mon Sep 17 00:00:00 2001 From: bert hubert Date: Thu, 30 Oct 2014 10:19:55 +0100 Subject: [PATCH] document security polling feature --- pdns/docs/pdns.xml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index bfce6f117f..65788b6b07 100644 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -12967,6 +12967,30 @@ local0.err /var/log/pdns.err + Security polling + + As of Authoritative Server 3.4.1 and Recursor 3.6.2, PowerDNS products can poll the security status + of their respective versions. This polling, naturally, happens over DNS. If the result is that a given + version has a security problem, the software will report this at level 'Error' during startup, and + repeatedly during operations. + + + By default, security polling happens on the domain 'secpoll.powerdns.com', but this can be changed with the + security-poll-suffix. If this setting is made empty, no polling will take place. Organizations + wanting to host their own security zones can do so by changing this setting to a domain name under their control. + + + To make this easier, the zone used to host secpoll.powerdns.com is available here. + + + To enable distributors of PowerDNS to signal that they have backported versions, the PACKAGEVERSION compilation-time + macro can be used to set a distributor suffix. + + + Further implementation detail on this feature can be found here. Furthermore, there is a post about it on our blog. + + + Considerations In general, make sure that the PDNS process is unable to execute commands on your backend database. -- 2.47.2
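Review bot: The new "Security polling" section (hunk at @@ -12967) says polling happens by default over DNS against 'secpoll.powerdns.com', but it never states what the query discloses. Operators will read this section to decide whether to leave the feature enabled, so the first paragraph should say which information about the running instance (for example its version string) appears in the query, and which resolver the query is sent through. The second paragraph should state whether security-poll-suffix has the same name and default in both the Authoritative Server and the Recursor. The section should also say what is logged when the poll times out or gets no answer, so that a blocked or failing lookup is not mistaken for a clean status. It should say whether the answer is validated in any way, since organizations pointing the suffix at their own zone need to know how much trust the 'Error' report deserves. For the PACKAGEVERSION paragraph, a one-line example of setting the macro at build time and the resulting version string would make it actionable for distributors. Finally, the two "here" references carry no destination in the visible text; naming the file or URL in the sentence would keep the pointers usable in non-hyperlinked output.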