[nsd-users] nsd refusing secondary AXFR

shmick at riseup.net shmick at riseup.net
Wed Sep 10 12:20:25 UTC 2014


please can i have some help regarding this

ive setup nsd as primary with NOKEY

my domain registrar secondary DS cannot handle TSIG

my zone file is signed NSEC3SHA1

each time the designated secondary NS requests AXFR, my nsd server sends
REFUSED which i can see from tcpdumps

ive setup debug logging and it reports:

info: axfr for zone example.com. from client refused, no acl matches

ive simply setup it as followed in nsd.conf & no problems with nsd-checkconf

    name: example.com.
    zonefile: example.com.signed
    notify: at 53 NOKEY
    provide-xfr: at 53 NOKEY


    port: 53

    server-count: 1

    username: nsd

    do-ip4: yes

    do-ip6: no

    hide-version: yes

    identity: ""

    ipv4-edns-size: 4096

    zonesdir: "/etc/nsd"

    zonefiles-check: yes

    verbosity: 2

    debug-mode: yes

    logfile: "/etc/nsd/nsd.log"

its running from debian jessie amd-64

what could it be ?

More information about the nsd-users mailing list