[nsd-users] acl match failure on solaris 9
Vicky Shrestha
vicky at geeks.net.np
Sun Apr 13 18:43:51 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks Wouter,
Indeed after prefixing with ::ffff: to the acl, notify is being
accepted.
However if I prefix it on 127.0.0.1 it will fail during nsdc update
with :
nsdc: Could not send notify for slave zone .: not configured (with
allow-notify: 127.0.0.1 or ::1)
if I have a acl with allow-notify: ::1 (the solaris doesn't have ipv6
interface)
[1208111418] nsd-notify[13692]: warning: timeout (1 s) expired, retry
notify to ::1.
The following combination is working for me
allow-notify: 127.0.0.1 NOKEY
allow-notify: ::ffff:192.168.0.1 NOKEY
Regards,
Vicky Shrestha
On Apr 12, 2008, at 15:19 PM, W.C.A. Wijngaards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Vicky,
>
> I think Solaris 9 (being a little old) forces ip4toip6 mapping. Can
> you
> try to enable ::ffff:127.0.0.1 style (4to6 mapped) addresses in your
> config?
>
> On other OSes NSD tries to disable the 4to6 mapping to avoid this.
>
> Best regards,
> ~ Wouter
>
> Vicky Shrestha wrote:
> | Hi,
> |
> | On solaris 9 host, the acl checking system is failing although
> proper
> | acl are in place.
> |
> | setting ip4-only: yes , seems to resolve the issue.
> |
> | [1207959794] nsd[9559]: info: got notify for zone: pch.net.; Refused
> | by acl: no acl matches .
> | [1207959795] nsd[9559]: info: got notify for zone: pch.net.; Refused
> | by acl: no acl matches .
> |
> | Regards,
> |
> |
> | Vicky Shrestha
> |
> |
> |
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFIAII6kDLqNwOhpPgRAqzGAKCU9/u4k4T6AFNdscZluyv6nFAbmACfdHpU
> 7zfsg974OFwfLyWXRT5S5GU=
> =deRJ
> -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iQEcBAEBAgAGBQJIAlRnAAoJEGi4SIJCvhMLA5sH/iPGPUgdMGMRmoACHUlTboUX
tak/DCPyPqJa0ZHzXoGYOwhQ3yt5r3l35vrMGTPlpMW0lqwDDqkzPo8COPfBEiBR
seQa5/SwOdY0SCvgGMIqBbC5ic4fE5C3H/YYlyTemqmcRNnNobgRyK2y9EbelBJ1
Wp1s3zGfLSkTpLRibjXcdU9sIIGS8FVXT1iBGrbyxLSmS/5nbY4GcnGbusp9nrwv
/J6k/9QOMyAaXYBSLYVLH5MsB2EP2pzlIfhTgTDSXMvhVuvjqaqLD6KOsojaNqW6
wT96/hddvkCWMX8Nt0jyqD+LaVJjlsI7CbrgCsMiNgPjFjd8TtkchWaDTGfzctU=
=P6xw
-----END PGP SIGNATURE-----
More information about the nsd-users
mailing list