[nsd-users] How to "debug" REFUSED for notify request

Vladimir Lomov lomov.vl at yandex.ru
Thu Oct 18 13:15:46 UTC 2018 

Hello,

I have two hosts running NSD: the primary and the secondary. The first
is configured to send updates of zone to the secondary and the second is
configured to get updates from the first host.

Until I added additional IPv6 addresses (one additional for each host)
this setup worked well. After I added second IPv6 address I see errors
on primary host:
-------------------- 8< -------------------- 8< ------------------------
"xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
-------------------- 8< -------------------- 8< ------------------------

How I could "debug" this "REFUSED" error?

This is configuration for primary host:
-------------------- 8< -------------------- 8< ------------------------
server:
  server-count:   1
  ip-address:     185.185.68.15
  ip-address:     2a0a:2b40::4:140
  ip-transparent: yes
  identity:       "VL-LOMOV domain master DNS"
  zonesdir:       "/etc/nsd"

zone:
  name:         "vl-lomov.ru"
  zonefile:     "vl-lomov.ru.forward"
  notify:        88.99.227.228             NOKEY
  provide-xfr:   88.99.227.228             NOKEY
  notify:        2a01:4f8:c0c:14c9::2      NOKEY
  provide-xfr:   2a01:4f8:c0c:14c9::2      NOKEY

remote-control:
  control-enable: yes
-------------------- 8< -------------------- 8< ------------------------

This is coniguration for secondary host.
-------------------- 8< -------------------- 8< ------------------------
server:
  server-count:   1
  ip-address:     172.31.1.100
#  ip-address:     88.99.227.228
  ip-address:     2a01:4f8:c0c:14c9::2
  ip-transparent: yes
  identity:       "VL-LOMOV domain reserve DNS"
  zonesdir:       "/etc/nsd"

zone:
  name:               "vl-lomov.ru"
  zonefile:           "vl-lomov.ru.forward"
  allow-notify:        185.185.68.15          NOKEY
  request-xfr:   AXFR  185.185.68.15          NOKEY
  allow-notify:        2a0a:2b40::4:140       NOKEY
  request-xfr:   AXFR  2a0a:2b40::4:140       NOKEY

remote-control:
  control-enable: yes
-------------------- 8< -------------------- 8< ------------------------

P.S. I don't see reason to hide the IPs of the hosts so I shown the
configuration as is.

---
WBR, Vladimir Lomov

-- 
Persistence in one opinion has never been considered a merit in political
leaders.
		-- Marcus Tullius Cicero, "Ad familiares", 1st century BC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20181018/d41c8670/attachment.bin>

More information about the nsd-users mailing list