[nsd-users] NSD 4.3.8rc1 pre-release

A. Schulze sca at andreasschulze.de
Wed Oct 6 21:58:41 UTC 2021



On 04.10.21 at 14:18, Wouter Wijngaards via nsd-users wrote:
> The 4.3.8rc1 pre-release is available:

> FEATURES:
> - Merge #185 by cesarkuroiwa: Mutual TLS.

Hello,

nsd-4.3.8rc1 compiled without noise,
but the Mutual TLS feature unfortunately does not work well on the first try.

Certificate and private key files are present in a directory accessible by root only.
That is sufficient for NSD to operate as a DoT server.

The same files now can't be used by NSD in its role as XFR-over-TLS client.
I assume the relevant process no longer runs as root.
(chroot is not configured/used here)

Also, NSD warns about unreadable certificate files but continues:

[2021-10-06 23:38:59.686] nsd[33]: info: control cmd:  force_transfer example
[2021-10-06 23:38:59.687] nsd[33]: info: remote control operation completed
[2021-10-06 23:38:59.688] nsd[33]: error: xfrd tls: Unable to load client certificate from file /acme/nsd.example/cert+intermediate.pem
[2021-10-06 23:38:59.689] nsd[33]: error: xfrd tls: Unable to load private key from file /acme/nsd.example/key.pem
[2021-10-06 23:38:59.989] nsd[33]: info: xfrd: zone example. written received XFR packet from 2001:db8::53 with serial 2110062049 to disk
[2021-10-06 23:38:59.992] nsd[33]: info: xfrd: zone example. written received XFR packet from 2001:db8::53 with serial 2110062049 to disk
[2021-10-06 23:38:59.993] nsd[33]: info: xfrd: zone example. committed "received update to serial 2110062049 at 2021-10-06T23:38:59 from 2001:db8::53 TSIG verified with key Knsd-example"

Andreas
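
A log check for the behaviour reported above, where xfrd TLS load errors are followed by a committed transfer. This is an added example, not part of the original post or of NSD; the function name and the 5-second correlation window are assumptions, and the sample log is constructed from lines quoted in the post plus one invented later commit.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: three lines in the format quoted in the post, plus one
# invented later commit that should not be flagged.
SAMPLE_LOG = """\
[2021-10-06 23:38:59.688] nsd[33]: error: xfrd tls: Unable to load client certificate from file /acme/nsd.example/cert+intermediate.pem
[2021-10-06 23:38:59.689] nsd[33]: error: xfrd tls: Unable to load private key from file /acme/nsd.example/key.pem
[2021-10-06 23:38:59.993] nsd[33]: info: xfrd: zone example. committed "received update to serial 2110062049 at 2021-10-06T23:38:59 from 2001:db8::53 TSIG verified with key Knsd-example"
[2021-10-06 23:50:00.100] nsd[33]: info: xfrd: zone other. committed "received update to serial 7 at 2021-10-06T23:50:00 from 2001:db8::53"
"""

LINE = re.compile(r"^\[(?P<ts>[\d-]+ [\d:.]+)\] nsd\[(?P<pid>\d+)\]: \w+: (?P<msg>.*)$")
TLS_FAIL = re.compile(r"^xfrd tls: Unable to load (?:client certificate|private key) from file (\S+)")
COMMIT = re.compile(r'^xfrd: zone (\S+) committed "received update to serial (\d+)')


def transfers_after_tls_failure(log_text, window=timedelta(seconds=5)):
    """Return (zone, serial, unreadable_files) for every committed transfer that
    follows a client cert/key load error from the same pid within `window`."""
    failures = {}  # pid -> (time of latest load error, files that failed)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an NSD log line in the expected format
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        pid, msg = m["pid"], m["msg"]
        fail = TLS_FAIL.match(msg)
        if fail:
            last, files = failures.get(pid, (ts, []))
            if ts - last > window:
                files = []  # older errors belong to an earlier attempt
            failures[pid] = (ts, files + [fail.group(1)])
            continue
        done = COMMIT.match(msg)
        if done and pid in failures:
            last, files = failures[pid]
            if ts - last <= window:
                findings.append((done.group(1), int(done.group(2)), files))
    return findings


if __name__ == "__main__":
    for zone, serial, files in transfers_after_tls_failure(SAMPLE_LOG):
        print(f"zone {zone} serial {serial} committed after TLS load errors: {files}")
```

The time window is a heuristic: the log lines do not tie a load error to a specific transfer, so a hit is a prompt to check file permissions for the user NSD runs as, not proof of how that transfer was authenticated.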





