[nsd-users] nsd refusing secondary AXFR
shmick at riseup.net
Wed Sep 10 15:10:25 UTC 2014
Anand Buddhdev wrote:
> On 10/09/2014 14:20, shmick at riseup.net wrote:
>
> Dear shmuck,
I don't mind the old shmuck if it will allow me to sleep tonight!
that's a trade-off I'm willing to take
thanks
>
>> each time the designated secondary NS requests AXFR, my nsd server sends
>> REFUSED which i can see from tcpdumps
>>
>> I've set up debug logging and it reports:
>>
>> info: axfr for zone example.com. from client 1.2.3.4 refused, no acl matches
>>
>> I've simply set it up as follows in nsd.conf & no problems with nsd-checkconf
>>
>> zone:
>> name: example.com.
>> zonefile: example.com.signed
>> notify: 1.2.3.4@53 NOKEY
>> provide-xfr: 1.2.3.4@53 NOKEY
>
> This is your problem. You're telling the NSD master that the slave must
> connect from address 1.2.3.4 *and* source port 53. However, the slave
> will most likely use an ephemeral port number, so the ACL will not
> match. Change that to:
>
> provide-xfr: 1.2.3.4 NOKEY
>
> Regards,
>
> Anand Buddhdev
> RIPE NCC
>
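
The ACL behaviour described in the reply above, as an added example that is not part of the original thread and is not NSD's own code: a simplified Python model of how a `provide-xfr` entry with a port suffix (written `@53` in nsd.conf) is compared with the client's source address and source port. The function names and the ephemeral port 49152 are assumptions, and key (TSIG) checking is not modelled.

```python
import ipaddress

# Constructed ACL lines in nsd.conf form: the one from the question and the suggested fix.
BROKEN = "provide-xfr: 1.2.3.4@53 NOKEY"
FIXED = "provide-xfr: 1.2.3.4 NOKEY"


def parse_acl(line):
    """Split 'provide-xfr: <ip-spec>[@port] <key>' into (network, port, key)."""
    option, spec, key = line.split()
    if option != "provide-xfr:":
        raise ValueError("not a provide-xfr line: " + line)
    addr, _, port = spec.partition("@")
    # strict=False accepts both a single host and a CIDR subnet
    network = ipaddress.ip_network(addr, strict=False)
    return network, (int(port) if port else None), key


def acl_matches(acl, src_ip, src_port):
    """True when the source address, and the source port if one is set, match."""
    network, port, _key = acl  # the key is parsed but not checked in this model
    if ipaddress.ip_address(src_ip) not in network:
        return False
    # A port in the ip-spec is compared with the client's SOURCE port,
    # not with the port the server listens on.
    return port is None or port == src_port


def axfr_decision(acl_lines, src_ip, src_port):
    """Return 'allowed', or the refusal reason seen in the debug log."""
    for line in acl_lines:
        if acl_matches(parse_acl(line), src_ip, src_port):
            return "allowed"
    return "refused, no acl matches"


if __name__ == "__main__":
    # Constructed request: secondary 1.2.3.4 connecting from an ephemeral port.
    for acl in (BROKEN, FIXED):
        print(acl, "->", axfr_decision([acl], "1.2.3.4", 49152))
```
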