[nsd-users] NSD no receiving Notifies

Mon Feb 3 15:38:44 UTC 2014

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Wouter,

I defined the pattern in nsd.conf and then added the zone with
nsd-control addzone <zone> <pattern>. I didn't edit the file manually.

I do see the zone with nsd-control zonestatus <zone>.

Regards,

Sofia

El 03/02/14 13:13, W.C.A. Wijngaards escribió:
> Hi,
> 
> How did you add it to the zone.list file?  If you edit the file 
> manually, NSD does not pickup the changes while it is running; and
> in fact (may) overwrite your edits when it closes.  Do you see the
> zone with nsd-control zonestatus ?
> 
> Best regards, Wouter
> 
> On 02/03/2014 03:55 PM, Sofía Silva Berenguer wrote:
>> Thank you for replying Wouter!
> 
>> The zone is listed in the zone.list file and it's spelled 
>> correctly. I added it using a pattern which includes both the 
>> allow-notify and the request-xfr lines:
> 
>> allow-notify: <master> NOKEY request-xfr: <master> NOKEY
> 
>> How can I check that the zone was correctly added?
> 
>> I'm sorry for asking so basic questions but I'm a newby with
>> NSD.
> 
>> Thank you a lot for your help!
> 
>> Regards,
> 
>> Sofía
> 
>> El 03/02/14 12:35, W.C.A. Wijngaards escribió:
>>> Hi Sofía,
> 
>>> On 02/03/2014 03:03 PM, Sofía Silva Berenguer wrote:
>>>> Dear nsd-users members,
> 
>>>> I've installed Unbound and Nsd on a Centos 6.5 server.
> 
>>>> NSD is the secondary (slave) name server for some zones. The
>>>>  primary (master) for those zones is a BIND server.
> 
>>>> Unbound is listening on the port 53 and NSD is listening on
>>>> the port 53530.
> 
>>>> The master is set up to send notifies to the port 53530 of
>>>> the slave server. (also-notify <slave IP address> port
>>>> 53530)
> 
>>>> I'm having some issues when a zone is updated on the master. 
>>>> The master sends the notifies to the right port (53530). I
>>>> can see the notifies with a tcpdump but NSD doesn't transfer
>>>> the zone. I don't even see any message in the NSD log saying
>>>> it received the notifies. (the "verbosity" parameter is set
>>>> to 2).
> 
>>>> If NSD requests the transfer (nsd-control transfer <zone>)
>>>> the transfer works. It just doesn't work when the transfer is
>>>>  support to be initiated by a notify sent by the master.
> 
>>>> I've already checked iptables and it is accepting
>>>> connections to the port 53530.
> 
>>>> I've even trying stopping Unbound and setting up NSD to
>>>> listen on the port 53 just in case this issue has anything to
>>>> do with the non-standard port being used, but it didn't work
>>>> either.
> 
>>>> Is there anything else I could check?
> 
>>> Have you checked that your NSD configuration allows the notify,
>>>  with the allow-notify: <master-ipaddress> NOKEY   statement. 
>>> With verbosity 2 it should print allowed or refused for almost 
>>> all notifies.
> 
>>> If NSD does not host the zone, then it prints nothing at 
>>> verbosity 2, instead it returns 'nxdomain' rcode to the
>>> master. Do you have the zone name spelled correctly in the NSD 
>>> configuration?
> 
>>> The zone should also have a request-xfr: <master ipadress>
>>> NOKEY in the nsd.conf file, so that it knows where to transfer
>>> the zone from.
> 
>>> If you are using TSIG, try to disable it, if the TSIG fails 
>>> (i.e. you have the wrong TSIG key) then NSD will also not print
>>> a log entry.
> 
>>>> Are you aware of any incompatibility between a BIND master
>>>> and a NSD slave?
> 
>>> No, this should work.
> 
>>> Best regards, Wouter
> 
>>> _______________________________________________ nsd-users 
>>> mailing list nsd-users at NLnetLabs.nl 
>>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLvuAQACgkQ6pdkzarU61/NMAD/aPUO+I66JBm8UmT5q47968/n
2Za6+Hn2vfDUv2wrbvoBAIx7pxRazO2vieL/+p/usl1Fiq4hIfEDqvg6ZryhkPOK
=jyyw
-----END PGP SIGNATURE-----