[nsd-users] [PARTIALLY SOLVED] zones with TLSA records fail to transfer to opendnssec

Benno Overeinder benno at NLnetLabs.nl
Mon Apr 27 21:54:31 UTC 2015

Thanks Michael for reporting back.  We will keep track of issues with
NAT66 and xfr-transfers.

Best regards,

-- Benno

On 26/04/15 21:49, Michael Grimm wrote:
> Hi —
> Michael Grimm <trashcan at odo.in-berlin.de> wrote:
>> All failing zones do have TLSA records in contrast to those zones transfering well.
> Well, I do have to report that neither opendnssec nor nsd is to "blame" regarding this issue.
> No, it was correlated with my attempts to implement NAT66 some weeks ago. NATing http, smtp, and most other protocols do work well, but the domain protocol might have some issues with FBSD's pf firewall and it's NAT66 implementation, though. Reverting back to IPv6 to IPV6 communication without NAT66 brought back full xfr-ing of my "problematic" zonefiles.
> I really don't understand it, and I do not have the capabilities of understanding the technical background, but anyway, it's working again ;-)
> Thanks for listening, and regards,
> Michael
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

Benno J. Overeinder
NLnet Labs

More information about the nsd-users mailing list