[nsd-users] NSD no receiving Notifies

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Feb 3 15:13:59 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

How did you add it to the zone.list file?  If you edit the file
manually, NSD does not pickup the changes while it is running; and in
fact (may) overwrite your edits when it closes.  Do you see the zone
with nsd-control zonestatus ?

Best regards,
   Wouter

On 02/03/2014 03:55 PM, Sofía Silva Berenguer wrote:
> Thank you for replying Wouter!
> 
> The zone is listed in the zone.list file and it's spelled
> correctly. I added it using a pattern which includes both the
> allow-notify and the request-xfr lines:
> 
> allow-notify: <master> NOKEY request-xfr: <master> NOKEY
> 
> How can I check that the zone was correctly added?
> 
> I'm sorry for asking so basic questions but I'm a newby with NSD.
> 
> Thank you a lot for your help!
> 
> Regards,
> 
> Sofía
> 
> El 03/02/14 12:35, W.C.A. Wijngaards escribió:
>> Hi Sofía,
> 
>> On 02/03/2014 03:03 PM, Sofía Silva Berenguer wrote:
>>> Dear nsd-users members,
> 
>>> I've installed Unbound and Nsd on a Centos 6.5 server.
> 
>>> NSD is the secondary (slave) name server for some zones. The 
>>> primary (master) for those zones is a BIND server.
> 
>>> Unbound is listening on the port 53 and NSD is listening on the
>>>  port 53530.
> 
>>> The master is set up to send notifies to the port 53530 of the
>>>  slave server. (also-notify <slave IP address> port 53530)
> 
>>> I'm having some issues when a zone is updated on the master.
>>> The master sends the notifies to the right port (53530). I can
>>> see the notifies with a tcpdump but NSD doesn't transfer the
>>> zone. I don't even see any message in the NSD log saying it
>>> received the notifies. (the "verbosity" parameter is set to
>>> 2).
> 
>>> If NSD requests the transfer (nsd-control transfer <zone>) the
>>>  transfer works. It just doesn't work when the transfer is 
>>> support to be initiated by a notify sent by the master.
> 
>>> I've already checked iptables and it is accepting connections
>>> to the port 53530.
> 
>>> I've even trying stopping Unbound and setting up NSD to listen 
>>> on the port 53 just in case this issue has anything to do with 
>>> the non-standard port being used, but it didn't work either.
> 
>>> Is there anything else I could check?
> 
>> Have you checked that your NSD configuration allows the notify, 
>> with the allow-notify: <master-ipaddress> NOKEY   statement.
>> With verbosity 2 it should print allowed or refused for almost
>> all notifies.
> 
>> If NSD does not host the zone, then it prints nothing at
>> verbosity 2, instead it returns 'nxdomain' rcode to the master.
>> Do you have the zone name spelled correctly in the NSD
>> configuration?
> 
>> The zone should also have a request-xfr: <master ipadress> NOKEY 
>> in the nsd.conf file, so that it knows where to transfer the
>> zone from.
> 
>> If you are using TSIG, try to disable it, if the TSIG fails
>> (i.e. you have the wrong TSIG key) then NSD will also not print a
>> log entry.
> 
>>> Are you aware of any incompatibility between a BIND master and
>>> a NSD slave?
> 
>> No, this should work.
> 
>> Best regards, Wouter
> 
>> _______________________________________________ nsd-users
>> mailing list nsd-users at NLnetLabs.nl 
>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJS77I3AAoJEJ9vHC1+BF+NpQcQAI+K0Tryly6XV3/4B8dJqS7F
dbA5oV7luYDBI2D/JLe17PhWaM2L8Bhm99pyBx7y3q1jcRsYlnA265GBe4g/8deI
gV0+0GdrsW0SlMnH6uijGyEEchLR9AfsazNZV72Nex+x3Rlm2hnMerRLObYzS67l
6bh5QuLePAUW1IfR0MMgOAXtRxDduJyvSB6etUCfldyUDQtgzsm2H48gbN80+Cyo
TZk3vOknUvfWiiQFIni69D8JYUl3bUVvqMLUPDsTwC7pyyV6K2cSYICznk+EiZIw
/2G3G4H3X2LX+Rld4bU4Vs9vOnt7Wbsh530QkBV4zOKZingQfZQHyvek9S5myG6t
kJuTZTxJ5GcMtzJC3eWMU9KXq8tgNS2SCVdj8ybi5NsMQCZa6Z1Q9XVpLqq2qAd+
PTx3RNhSA+YaXZiJHsczf6mSc/ubId3S0tMaaUJU+Nk+ygGsmhJZ37ErKWq54Ssb
Cu9a04Mt22D4kn1UW9V468nIs5BIafVtsjEwN/RTQOe2Pn2C7iuHNekibbHsjysd
fbEbQoz6uNGZnvV24AyPfB33k39X4gTcV7sHEWURyLr/NLo2ZoZLYXHPxeweqUV0
ahe/BIgI32cdSFn9m5KhMrnUR77p0Yl6MigLm5RseAmeUg+Ie3O4sfa1rAuViSf7
jEGFVKz/Up5tdTdfpw8y
=viOh
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list