[nsd-users] Notify refused, no acl matches
Alexander Varejão
frater.alexander at gmail.com
Fri Jul 1 13:45:17 UTC 2022
>
>
> >nsd[202429]: info: zone foo.bar serial [NUMBER HERE] is updated to [NUMBER
> >HERE]
>
> there is so much obfuscation here, that IMO it's impossible to assist you.
> Honestly, now, you're even obfuscating SOA serial numbers?! Obfuscation
> taken
> to a completely new level.
>
> -JP
>
> Hi JP
I'm sorry
Consider something like that:
nsd[255715]: [2022-07-01 12:28:51.766] nsd[255715]: info: zone foo.bar
serial 53 is updated to 54
Thanks
> Hi Alexander,
>
> Seems to me the primary is configured correctly as far as notify
> messages go. Presumably, the address from which the notify is sent is
> different, or perhaps the key doesn't match.
>
> It is probably easiest to use something like ldns-notify to test what
> the exact issue is. At least, that's the route I'd take. Don't think
> you need to test with actual zone updates, just sent a notify and NSD
> will figure out there's no new information once it passes the acl.
>
> - Jeroen
>
Hi Jeroen
Thanks for answer
Testing with ldns-notify all seems work ok
ldns-notify -z foo.bar -I X.X.X.X -y upd_key: KEY_B_HERE Z.Z.Z.Z
So my secondary server received the update with no error
nsd[256548]: info: notify for foo.bar. from X.X.X.X
But if I try update the zone expecting bind to notify it my secondary
server still has the same error:
nsd[256740]: info: notify for foo.bar. from X.X.X.X. refused, no
acl matches.
:(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20220701/9107d8cd/attachment.htm>
More information about the nsd-users
mailing list