[nsd-users] Notify refused, no acl matches

Alexander Varejão frater.alexander at gmail.com
Fri Jul 1 13:45:17 UTC 2022


>
>
> >nsd[202429]: info: zone foo.bar serial [NUMBER HERE] is updated to [NUMBER
> >HERE]
>
> there is so much obfuscation here, that IMO it's impossible to assist you.
> Honestly, now, you're even obfuscating SOA serial numbers?! Obfuscation
> taken
> to a completely new level.
>
>         -JP
>
> Hi JP

I'm sorry
Consider something like that:

nsd[255715]: [2022-07-01 12:28:51.766] nsd[255715]: info: zone foo.bar
serial 53 is updated to 54

Thanks


>  Hi Alexander,
>
> Seems to me the primary is configured correctly as far as notify
> messages go. Presumably, the address from which the notify is sent is
> different, or perhaps the key doesn't match.
>
> It is probably easiest to use something like ldns-notify to test what
> the exact issue is. At least, that's the route I'd take. Don't think
> you need to test with actual zone updates, just sent a notify and NSD
> will figure out there's no new information once it passes the acl.
>
> - Jeroen
>

Hi Jeroen

Thanks for answer

Testing with ldns-notify all seems work ok

    ldns-notify   -z foo.bar   -I X.X.X.X   -y upd_key: KEY_B_HERE Z.Z.Z.Z

So my secondary server received the update with no error

      nsd[256548]: info: notify for foo.bar. from X.X.X.X

But if I try update the zone expecting  bind to notify it my secondary
server still has the same error:

        nsd[256740]: info: notify for foo.bar. from X.X.X.X. refused, no
acl matches.

:(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20220701/9107d8cd/attachment.htm>


More information about the nsd-users mailing list