[nsd-users] Fwd: Notify | transfer refused
A. Schulze
sca at andreasschulze.de
Sun Mar 28 10:23:31 UTC 2021
On 27.03.21 at 20:19, Jordan Sullivan via nsd-users wrote:
> My setup: I'm using OpenBSD 6.7. Unbound is resolving on port 53; if an authoritative request is received, Unbound passes it to nsd on localhost over port 5335. This setup works well, except for the problem with ns1 and ns2.
Hello Jordan,
my guess: unbound can forward dns queries but not dns notify messages.
If possible, let ns1 and ns2 talk directly.
> #ns1 nsd.conf
> notify: 10.x.y.212 sec_key
notify: 10.x.y.212@5353 sec_key
> notify: fd00:abc::d4 sec_key
notify: fd00:abc::d4@5353 sec_key
> #ns2 nsd.conf
> zone:
> name: "whatever.xyz"
> zonefile: "whatever.xyz.forward"
> allow-notify: 10.x.y.211 sec_key
configuring both to provide transfer from the other
makes no sense.
@ns2, delete: provide-xfr: 10.x.y.211 sec_key
while debugging issues in such a setup I find it helpful
to start with zone-transfer over /one/ protocol, IPv4 /or/ IPv6
but not both. Simplify the setup :-)
Andreas