[nsd-users] Confused error with code REFUSED
Vladimir Lomov
lomov.vl at yandex.ru
Sun Aug 30 12:52:36 UTC 2020
Hello,
** A. Schulze via nsd-users <nsd-users at lists.nlnetlabs.nl> [2020-08-30 10:42:29 +0200]:
> Am 30.08.20 um 06:12 schrieb Vladimir Lomov via nsd-users:
>> Both servers managed by systemd.
> Hi,
> I've no clear idea about the implications of "managed by systemd" But I
> know, systemd could listen for inbound connection on a specified IP+Port.
> Inbound traffic is the n magically relayed to an application. I guess
> systemd must be configured for this task somehow. Maybe incoming notify
> connections are affected.
Sorry, bad wording. I meant that NSD is started, stopped and reloaded by
systemd. The nsd.service doesn't do any special except that.
> I reviewed your configuration and for me it looks not obviously wrong.
> two points:
> - As you configured multiple IPv6 addresses and also enabled "ip-transparent"
> the ip addresses on each host would worth a look.
> - I never used two "outgoing-interface" statements. You may try to reconfig
> using only one "outgoing-interface" and see if this solved your issue.
Ah, that was helpful. I rechecked the IPs on both hosts and NSD configuration,
they are correct. Then I turned off 'outgoing-interface' on host A and added
'versobility' to both servers to figure out what is going wrong. On host B
there were no changes but on host A I saw that it drops connections from host
B due to not matching (ACL) ip address. That was it, as both hosts has several
IP6 addresses and NSD configured to listen only on specific addresses I forgot
that it doesn't mean that NSD will use the same addresses for notification. I
reread the nsd.conf(5) and added 'outgoing-interface' for both servers. Now
all works fine.
> Andreas
Thank you.
---
WBR, Vladimir Lomov
--
She just came in, pounced around this thing with me for a few years, enjoyed
herself, gave it a sort of beautiful quality and left. Excited a few men
in the meantime.
-- Patrick Macnee, reminiscing on Diana Rigg's
involvement in "The Avengers".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20200830/1809ab18/attachment.bin>
More information about the nsd-users
mailing list