[nsd-users] NSD no receiving Notifies

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Feb 3 15:49:27 UTC 2014


Hi Sofia,

Is your computer configured with a firewall that blocks traffic to
port 53530?  Otherwise, I am also getting out of ideas, with the zone
and allow-notify configured, NSD prints what happens with
verbosity >= 2.  Nothing is printed, so I assume NSD does not actually
get the packet.

Best regards,
   Wouter

On 02/03/2014 04:38 PM, Sofía Silva Berenguer wrote:
> Wouter,
> 
> I defined the pattern in nsd.conf and then added the zone with 
> nsd-control addzone <zone> <pattern>. I didn't edit the file
> manually.
> 
> I do see the zone with nsd-control zonestatus <zone>.
> 
> Regards,
> 
> Sofia
> 
> On 03/02/14 13:13, W.C.A. Wijngaards wrote:
>> Hi,
> 
>> How did you add it to the zone.list file?  If you edit the file 
>> manually, NSD does not pick up the changes while it is running;
>> and in fact (may) overwrite your edits when it closes.  Do you
>> see the zone with nsd-control zonestatus ?
> 
>> Best regards, Wouter
> 
>> On 02/03/2014 03:55 PM, Sofía Silva Berenguer wrote:
>>> Thank you for replying Wouter!
> 
>>> The zone is listed in the zone.list file and it's spelled 
>>> correctly. I added it using a pattern which includes both the 
>>> allow-notify and the request-xfr lines:
> 
>>> allow-notify: <master> NOKEY
>>> request-xfr: <master> NOKEY
> 
>>> How can I check that the zone was correctly added?
> 
>>> I'm sorry for asking such basic questions but I'm a newbie with 
>>> NSD.
> 
>>> Thank you a lot for your help!
> 
>>> Regards,
> 
>>> Sofía
> 
>>> On 03/02/14 12:35, W.C.A. Wijngaards wrote:
>>>> Hi Sofía,
> 
>>>> On 02/03/2014 03:03 PM, Sofía Silva Berenguer wrote:
>>>>> Dear nsd-users members,
> 
>>>>> I've installed Unbound and NSD on a CentOS 6.5 server.
> 
>>>>> NSD is the secondary (slave) name server for some zones.
>>>>> The primary (master) for those zones is a BIND server.
> 
>>>>> Unbound is listening on the port 53 and NSD is listening
>>>>> on the port 53530.
> 
>>>>> The master is set up to send notifies to the port 53530 of 
>>>>> the slave server. (also-notify <slave IP address> port 
>>>>> 53530)
> 
>>>>> I'm having some issues when a zone is updated on the
>>>>> master. The master sends the notifies to the right port
>>>>> (53530). I can see the notifies with a tcpdump but NSD
>>>>> doesn't transfer the zone. I don't even see any message in
>>>>> the NSD log saying it received the notifies. (the
>>>>> "verbosity" parameter is set to 2).
> 
>>>>> If NSD requests the transfer (nsd-control transfer <zone>) 
>>>>> the transfer works. It just doesn't work when the transfer
>>>>> is supposed to be initiated by a notify sent by the master.
> 
>>>>> I've already checked iptables and it is accepting 
>>>>> connections to the port 53530.
> 
>>>>> I've even tried stopping Unbound and setting up NSD to 
>>>>> listen on the port 53 just in case this issue has anything
>>>>> to do with the non-standard port being used, but it didn't
>>>>> work either.
> 
>>>>> Is there anything else I could check?
> 
>>>> Have you checked that your NSD configuration allows the
>>>> notify, with the allow-notify: <master-ipaddress> NOKEY
>>>> statement. With verbosity 2 it should print allowed or
>>>> refused for almost all notifies.
> 
>>>> If NSD does not host the zone, then it prints nothing at 
>>>> verbosity 2, instead it returns 'nxdomain' rcode to the 
>>>> master. Do you have the zone name spelled correctly in the
>>>> NSD configuration?
> 
>>>> The zone should also have a request-xfr: <master ipaddress> 
>>>> NOKEY in the nsd.conf file, so that it knows where to
>>>> transfer the zone from.
> 
>>>> If you are using TSIG, try to disable it, if the TSIG fails 
>>>> (i.e. you have the wrong TSIG key) then NSD will also not
>>>> print a log entry.
> 
>>>>> Are you aware of any incompatibility between a BIND master 
>>>>> and a NSD slave?
> 
>>>> No, this should work.
> 
>>>> Best regards, Wouter
> 

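A way to check from the sending side whether NSD answers a NOTIFY at all, added here as an example and not taken from the thread or from NSD itself: it builds an RFC 1996 NOTIFY by hand, sends it over UDP and reports the rcode of the reply. The script name, message id and IPv4-only socket are assumptions. Per the reply quoted above, an NXDOMAIN answer means NSD does not host the zone; a timeout means nothing answered.

```python
import socket
import struct
import sys

OPCODE_NOTIFY, FLAG_QR, FLAG_AA = 4, 0x8000, 0x0400
QTYPE_SOA, QCLASS_IN = 6, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def build_notify(zone, msg_id):
    """RFC 1996 NOTIFY: opcode 4, AA set, one question <zone> IN SOA."""
    flags = (OPCODE_NOTIFY << 11) | FLAG_AA
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in zone.rstrip(".").split(".")]
    if any(not 0 < len(l) < 64 for l in labels):
        raise ValueError("bad zone name: %r" % zone)
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)


def parse_reply(data, msg_id):
    """Return the rcode name of a NOTIFY response; reject unrelated packets."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != msg_id or not flags & FLAG_QR or (flags >> 11) & 0xF != OPCODE_NOTIFY:
        raise ValueError("not a response to our NOTIFY")
    rcode = flags & 0xF
    return RCODES.get(rcode, "RCODE%d" % rcode)


def send_notify(server, port, zone, timeout=3.0, msg_id=0x4E53):
    """Send one NOTIFY over UDP/IPv4; return the rcode name or 'TIMEOUT'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_notify(zone, msg_id), (server, port))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT"  # nothing answered: filtered on the way, or no listener
    return parse_reply(data, msg_id)


if __name__ == "__main__":
    # usage (hypothetical script name): notify_probe.py <nsd-address> <port> <zone>
    # Run it on the master so the source address is the one allow-notify lists.
    if len(sys.argv) != 4:
        sys.exit("usage: notify_probe.py <nsd-address> <port> <zone>")
    print(sys.argv[3], "->", send_notify(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Running it while tcpdump and the NSD log are both open shows whether the packet arrives on the wire, whether NSD logs it, and what rcode comes back.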