[nsd-users] master to slave DNS notify and firewall

W.C.A. Wijngaards wouter at nlnetlabs.nl
Thu Jan 11 08:27:33 UTC 2018


Hi Robert,

On 10/01/18 22:55, Robert Blayzor wrote:
> Have one NSD master and multiple slave servers.
> 
> Notify from master to slave w/ AXFR works, however, it doesn’t appear that the master server is getting the “ACK” back from the slave that notify has been received.
> 
> 
> Is there any info on the return traffic? I assume the master server is sending from an unprivileged src port to dst port 53.
> 
> Is the ACK sent back from 53 to the master server?

Yes, the notify ACK is sent back from port 53.  In code, by the server
process that handled the reception of the notify packet.  Internally it
then gets transferred to the xfrd process that handles the zone transfer
itself.

Also note that the zone has to be configured to allow notifies from the
master, with allow-notify: <IPaddress> NOKEY.  The IPaddress can be a
netblock (e.g. IPaddress/24).  Otherwise not only are they not answered,
they are also dropped and ignored.  The timers from the SOA record then
cause zone transfers; this could be happening, I guess.

Best regards, Wouter

> 
> 
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP:  https://inoc.net/~rblayzor/

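As an added illustration (not from the thread and not NSD's own documentation), the two sides of the setup Wouter describes, as nsd.conf zone fragments from the master host and the slave host; the addresses are constructed RFC 5737 documentation addresses (master 192.0.2.10, slaves in 198.51.100.0/24) and the zone name is a placeholder:

```conf
# Master (primary) host, nsd.conf zone stanza.
# Constructed example addresses: master 192.0.2.10, slaves 198.51.100.0/24.
zone:
    name: "example.com"
    zonefile: "example.com.zone"
    # NOTIFY leaves xfrd from an unprivileged source port to UDP/53 on
    # the slave; the slave's ACK comes back from UDP/53 to that source
    # port, so a stateless firewall in front of the master must permit
    # that return path (a stateful one tracks it automatically).
    notify: 198.51.100.53 NOKEY
    notify: 198.51.100.54 NOKEY
    # NOKEY means no TSIG, so keep the ACL to the specific slave addresses.
    provide-xfr: 198.51.100.0/24 NOKEY

# Slave (secondary) host, BROKEN: no allow-notify for the master.
# NSD drops the NOTIFY without answering, the master never sees an ACK,
# and the zone only refreshes when the SOA refresh/retry timers fire.
zone:
    name: "example.com"
    zonefile: "example.com.zone"
    request-xfr: 192.0.2.10 NOKEY

# Slave host, FIXED: accept NOTIFY from the master (a single address or a
# netblock such as 192.0.2.0/24), answer it from port 53, and let xfrd
# fetch the zone with AXFR from the same master.
zone:
    name: "example.com"
    zonefile: "example.com.zone"
    allow-notify: 192.0.2.10 NOKEY
    request-xfr: 192.0.2.10 NOKEY
```

Run `nsd-checkconf /etc/nsd/nsd.conf` on each host before reloading, and `nsd-control notify example.com` on the master to send a NOTIFY on demand while watching the slave's log for whether it was accepted.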