[nsd-users] How to "debug" REFUSED for notify request
Anand Buddhdev
anandb at ripe.net
Thu Oct 18 14:15:18 UTC 2018
On 18/10/2018 15:15, Vladimir Lomov wrote:

Hi Vladimir,

> Until I added additional IPv6 addresses (one additional for each host)
> this setup worked well. After I added a second IPv6 address I see errors
> on the primary host:
> -------------------- 8< -------------------- 8< ------------------------
> "xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
> -------------------- 8< -------------------- 8< ------------------------

If you have 2 IPv6 addresses on the same interface on the primary, then
the NOTIFY message over IPv6 may be originating from the wrong IPv6
address. See below.

> How could I "debug" this "REFUSED" error?
>
> This is configuration for primary host:
> -------------------- 8< -------------------- 8< ------------------------
> server:
>     server-count: 1
>     ip-address: 185.185.68.15
>     ip-address: 2a0a:2b40::4:140

NSD binds to this address for answering queries, but when it
*originates* a NOTIFY message, it does not use this address. It may be
using the other address. See below for how to solve it.

>     ip-transparent: yes
>     identity: "VL-LOMOV domain master DNS"
>     zonesdir: "/etc/nsd"
>
> zone:
>     name: "vl-lomov.ru"
>     zonefile: "vl-lomov.ru.forward"
>     notify: 88.99.227.228 NOKEY
>     provide-xfr: 88.99.227.228 NOKEY
>     notify: 2a01:4f8:c0c:14c9::2 NOKEY

Add "outgoing-interface: 2a0a:2b40::4:140" here. This allows NSD to send
NOTIFY messages from the address that the secondary is expecting.

Regards,
Anand
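
Added example (not part of the message above and not NSD's own code): a small check that reads an nsd.conf text and lists every `notify:` target for which the zone sets no `outgoing-interface:` of the same address family, which is the situation described in the reply. The parser is a simplification that assumes one option per line; the sample input is constructed from the configuration quoted in the thread.

```python
import ipaddress

# Constructed sample: the primary's configuration as quoted in the thread.
SAMPLE_CONF = """\
server:
    ip-address: 185.185.68.15
    ip-address: 2a0a:2b40::4:140
zone:
    name: "vl-lomov.ru"
    notify: 88.99.227.228 NOKEY
    provide-xfr: 88.99.227.228 NOKEY
    notify: 2a01:4f8:c0c:14c9::2 NOKEY
"""

def parse_zones(conf):
    """Return one {option: [values]} dict per zone: clause (one option per line assumed)."""
    zones, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")       # split at the first colon only
        key, value = key.strip(), value.strip()
        if not value:                             # clause header: "server:", "zone:", ...
            current = {} if key == "zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None:
            current.setdefault(key, []).append(value.strip('"'))
    return zones

def addr_version(value):
    """IP version (4 or 6) of the address that starts a value like 'ADDR[@port] KEY'."""
    return ipaddress.ip_address(value.split()[0].split("@")[0]).version

def unpinned_notifies(conf):
    """List (zone name, notify target) pairs lacking a same-family outgoing-interface."""
    findings = []
    for zone in parse_zones(conf):
        pinned = {addr_version(v) for v in zone.get("outgoing-interface", [])}
        for target in zone.get("notify", []):
            if addr_version(target) not in pinned:
                findings.append((zone.get("name", ["?"])[0], target.split()[0]))
    return findings

if __name__ == "__main__":
    for zone, target in unpinned_notifies(SAMPLE_CONF):
        print(f"{zone}: NOTIFY to {target} has no same-family outgoing-interface")
```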