[nsd-users] How to "debug" REFUSED for notify request

Vladimir Lomov lomov.vl at yandex.ru
Fri Oct 19 04:19:41 UTC 2018


Hello,
** Anand Buddhdev [2018-10-18 16:15:18 +0200]:

> On 18/10/2018 15:15, Vladimir Lomov wrote:
> 
> Hi Vladimir,
> 
>> Until I added additional IPv6 addresses (one additional for each host)
>> this setup worked well. After I added second IPv6 address I see errors
>> on primary host:
>> -------------------- 8< -------------------- 8< ------------------------
>> "xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
>> -------------------- 8< -------------------- 8< ------------------------
> 
> If you have 2 IPv6 addresses on the same interface on the primary, then
> the NOTIFY message over IPv6 may be originating from the wrong IPv6
> address. See below.
> 
>> How I could "debug" this "REFUSED" error?
>> 
>> This is configuration for primary host:
>> -------------------- 8< -------------------- 8< ------------------------
>> server:
>>   server-count:   1
>>   ip-address:     185.185.68.15
>>   ip-address:     2a0a:2b40::4:140
> 
> NSD binds to this address for answering queries, but when it
> *originates* a NOTIFY message, it does not use this address. It may be
> using the other address. See below for how to solve it.
> 
>>   ip-transparent: yes
>>   identity:       "VL-LOMOV domain master DNS"
>>   zonesdir:       "/etc/nsd"
>> 
>> zone:
>>   name:         "vl-lomov.ru"
>>   zonefile:     "vl-lomov.ru.forward"
>>   notify:        88.99.227.228             NOKEY
>>   provide-xfr:   88.99.227.228             NOKEY
>>   notify:        2a01:4f8:c0c:14c9::2      NOKEY
> 
> Add "outgoing-interface: 2a0a:2b40::4:140" here. This allows NSD to send
> NOTIFY messages from the address that the secondary is expecting.

I already thought about "strange" situation when NSD runs on host with
two IPv6 but didn't take into account that it can use different outgoing
interface than the notify address.

Thank you for your help.

> Regards,
> Anand

---
WBR, Vladimir Lomov

-- 
-- Neophyte's serendipity.
-- Exclusive dedication to necessitious chores without interludes of
	hedonistic diversion renders John a hebetudinous fellow.
-- A revolving concretion of earthy or mineral matter accumulates no
	congeries of small, green bryophytic plant.
-- The person presenting the ultimate cachinnation possesses thereby the
	optimal cachinnation.
-- Abstention from any aleatory undertaking precludes a potential
	escallation of a lucrative nature.
-- Missiles of ligneous or osteal consistency have the potential of
	fracturing osseous structure, but appellations will eternally
	remain innocuous.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20181019/f8b9ade0/attachment.bin>


More information about the nsd-users mailing list