[nsd-users] nsd as master + slave

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Oct 20 07:33:08 UTC 2014


Hi Andreas,

On 17/10/14 22:25, A. Schulze wrote:
> 
> W.C.A. Wijngaards:
> 
>> Are you trying to force updates without incrementing the SOA
>> serial number?  NSD expects you normally to increment the SOA
>> serial number, then reload the zone into the master, which then
>> sends a notify with this serial number to the slave which then
>> fetches the zone.
> 
> after $DISABLE_SSLv3_ANYWHERE I had some to look at my nsd
> servers. I did it exactly like suggested but no notify.
> 
> - vi /etc/nsd/zones/example.de $SOA++
> - rsync /etc/nsd/zones/example.de /var/lib/nsd/etc/nsd/zones/example.de
> - nsd-control reload

This should so have worked, but it didn't work for you.  It all looks
fine, just this one config line:
         allow-notify: 2001:db8::1/128 NOKEY
The /128 is not necessary, and is that a corner case issue with
config? (just state the IP address without /netblocksize and it picks
it as a single address).

With verbosity 5 it may print more (i.e. sending notify), or tcpdump
to see which server is the problem (i.e. are notifies sent and not
received?)

Best regards,
   Wouter

> dig @2001:db8::1 example.de. soa -> new soa
> 
> dig @2001:db8::2 example.de. soa -> still old soa
> 
> I must state that the servers in question are not mentioned in the
> zone's NS data. May that be a reason?
> 
> master.conf
> ###########
> remote-control:
>     control-enable: yes
>     server-key-file: /etc/nsd/ssl/nsd_server.key
>     server-cert-file: /etc/nsd/ssl/nsd_server.pem
>     control-key-file: /etc/nsd/ssl/nsd_control.key
>     control-cert-file: /etc/nsd/ssl/nsd_control.pem
> server:
>     chroot: "/var/lib/nsd"
>     statistics: 86400
>     verbosity: 2
>     ip-address: 2001:db8::1
> zone:
>     name: "example.de."
>     zonefile: "/etc/nsd/zones/example.de"
>     outgoing-interface: 2001:db8::1
>     notify-retry: 5
>     notify: 2001:db8::2 NOKEY
>     provide-xfr: 2001:db8::2 NOKEY
>
> slave.conf
> ##########
> remote-control:
>     control-enable: yes
>     server-key-file: /etc/nsd/ssl/nsd_server.key
>     server-cert-file: /etc/nsd/ssl/nsd_server.pem
>     control-key-file: /etc/nsd/ssl/nsd_control.key
>     control-cert-file: /etc/nsd/ssl/nsd_control.pem
> server:
>     chroot: "/var/lib/nsd"
>     statistics: 86400
>     verbosity: 2
>     ip-address: 2001:db8::2
> zone:
>     name: "example.de."
>     allow-notify: 2001:db8::1/128 NOKEY
>     request-xfr: 2001:db8::1 NOKEY

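An offline cross-check of the notify/transfer ACL pairing discussed in this thread, as an added example that is not part of the original messages or of NSD itself. The function names are hypothetical; it assumes one zone per config text, plain addresses or /prefix ACLs only, and that a server without `outgoing-interface` sends from its `ip-address`.

```python
import ipaddress

# Zone-transfer lines excerpted from the master.conf / slave.conf quoted in the thread.
MASTER = """
ip-address: 2001:db8::1
outgoing-interface: 2001:db8::1
notify: 2001:db8::2 NOKEY
provide-xfr: 2001:db8::2 NOKEY
"""
SLAVE = """
ip-address: 2001:db8::2
allow-notify: 2001:db8::1/128 NOKEY
request-xfr: 2001:db8::1 NOKEY
"""

def parse_opts(text):
    """Collect 'key: value' lines into {key: [values]}; bare section headers are skipped."""
    opts = {}
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        if value.strip():
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def acl_net(entry):
    """Network of '[AXFR|UDP] <ip>[/prefix][@port] <key>'; ranges and masks are not handled."""
    return ipaddress.ip_network(entry.split()[-2].split("@")[0], strict=False)

def covers(entries, addr):
    return any(addr in acl_net(e) for e in entries)

def check_pair(master_text, slave_text):
    """Return findings for one master/slave pair (hypothetical helper, one zone per text)."""
    m, s = parse_opts(master_text), parse_opts(slave_text)
    ip = lambda vals: ipaddress.ip_address(vals[0].split("@")[0])
    m_listen, s_listen = ip(m["ip-address"]), ip(s["ip-address"])
    # NOTIFY leaves the master from outgoing-interface when one is set.
    m_src = ip(m.get("outgoing-interface") or m["ip-address"])
    # Assumption: without outgoing-interface the slave sends from its ip-address.
    s_src = ip(s.get("outgoing-interface") or s["ip-address"])
    checks = [
        (covers(m.get("notify", []), s_listen), "master: no notify entry for %s" % s_listen),
        (covers(m.get("provide-xfr", []), s_src), "master: provide-xfr does not cover %s" % s_src),
        (covers(s.get("allow-notify", []), m_src), "slave: allow-notify does not cover %s" % m_src),
        (covers(s.get("request-xfr", []), m_listen), "slave: no request-xfr entry for %s" % m_listen),
    ]
    findings = [msg for ok, msg in checks if not ok]
    for e in s.get("allow-notify", []):
        net = acl_net(e)
        if "/" in e and net.prefixlen == net.max_prefixlen:
            findings.append("slave: allow-notify %s is a single host; the bare address is enough" % net)
    return findings
```

For the configs posted in the thread the four pairings line up, and the only finding is the host-length `/128` on `allow-notify`.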
