[nsd-users] nsdc update failed

Matthijs Mekking matthijs at NLnetLabs.nl
Wed Jan 5 10:38:20 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again:),

The nsdc update bug should now have been fixed in trunk.
Also, nsdc can now handle tsig algorithms other than hmac-md5.

Thanks for your reports.

Best regards,

Matthijs

On 01/03/2011 02:00 PM, Andreas Schulze wrote:
> Hello again,
> 
> here is my second problem for today.
> nsdc update at a slave server failed with this:
> 
> Sending notify to localhost to update secondary zones...
> Jan 03 13:41:25 nsd-notify[7399]: warning: no local address family matches remote address family, skipping server '127.0.0.1'
> Jan 03 13:41:25 nsd-notify[7400]: warning: bad reply from ::1 for zone example.com., error response REFUSED (5).
> 
> If I remove the difffile, xfrdfile and database,
> rebuild the database and start nsd, then the slave fetches the zones from the master.
> All zonetransfer and notify is configured to use IPv6 and TSIG.
> Both server do not listen to 127.0.0.1 or ::1 
> 
> nsd-master.conf
> zone:
> 	name: "example.com"
> 	zonefile: "/etc/nsd/zones/example.com"
> 	notify: <slaves ipv6 address> notify-key
> 	provide-xfr: <slaves ipv6 address> xfer-key
> 	outgoing-interface: master ipv6 address> NOKEY
> 	allow-axfr-fallback: yes
> 
> nsd-slave.conf
> zone:
> 	name "example.com"
> 	zonefile: "/etc/nsd/zones.slave/example.com"
> 	allow-notify: 127.0.0.1 NOKEY
> 	allow-notify: ::1 NOKEY
> 	allow-notify: <master ipv6 address> notify-key
> 	request-xfr: AXFR <master ipv6 address> xfer-key
> 	outgoing-interface: <slave ipv6 address> NOKEY
> 	allow-axfr-fallback: yes
> 
> both config-files:
> key:
>         name: "notify-key"
>         algorithm: "hmac-md5"
>         secret: "<base64-data>"
> 
> key:
>         name: "xfer-key"
>         algorithm: "hmac-sha256"
>         secret: "<base64-data>"
> 
> Funny to note, that the notify-key cannot be a hmac-sha256 ...
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNJEocAAoJEA8yVCPsQCW5KckH/ihkynZOjou9eeFgRjOOXvgI
KWq/Ik8Lqplzn7xYJrFcRwHZGIOiiYap60KdXYcr64fZO0WfAhlrU6qCaw5bENbg
ExZV2aHysRAWp3khJP7JemAXSfBJPl51DteMHTLWwG3tmIjGG0aAjkwaMAwEUX2V
Gwb98V+Ak4L6QUJFLJ4hku05CzhjcHrrpQNoAYywt92ldT3wAlGJ+hNenXY02GeL
aaoiX14wt3eyIkjkJ/ytPOkTxJENtiJjLHt4mOGUiiJi52UqKcEyCLcyog+3W67V
O/seq/8HWyk4eVO69zy3K2RlUOB0SdZT046ACZKmwTMGs9iQcKfCJCaAYx+R7zo=
=AQCz
-----END PGP SIGNATURE-----

More information about the nsd-users mailing list