[nsd-users] Replication Failing

Anand Buddhdev anandb at ripe.net
Wed Jul 20 09:32:34 UTC 2022


On 19/07/2022 18:55, Peter Fraser via nsd-users wrote:

Hi Peter,

This is a common misunderstanding with most people. They mistakenly 
assume that if a process is listening on port X, that it will also 
initiate outgoing connections from the same port X.

Even though your DNS2 NSD is _listening_ on port 53000, when it makes an 
_outgoing_ TCP connection to DNS1 NSD for XFR of "my_domain.net", it 
will use a random source port. However, you are _only_ allowing 
connections from DNS2's IP and a specific source port in the 
"provide-xfr" directive on DNS1's NSD. Just remove the @53000.

Regards,
Anand

> DNS1 with NSD.conf relevant settings
> IP: 192.168.1.2
> Unbound Port: 53
> NSD Port: 54000
> 
> ip-address: 192.168.1.2
> do-ip4: yes
> port: 54000
> hide-version: yes
> 
> pattern:
>          name: "dns2"
>          notify: 192.168.1.3@53000 NOKEY
>          provide-xfr: 192.168.1.3@53000 NOKEY
>          outgoing-interface: 192.168.1.2@54000
> 
> zone:
>          name: "my_domain.net"
>          zonefile: my_domain.net.zone
>          include-pattern: "dns2"

[snip]
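To make the listening-port versus source-port point concrete, here is an added demonstration (not code from this thread or from NSD): it opens a listener on a port, makes an outgoing TCP connection the way a secondary does for XFR, and shows the kernel-chosen source port differs from the listening port; `acl_matches` is a simplified model of how a provide-xfr entry with and without `@port` is matched, not NSD's own parser.

```python
import socket


def parse_acl(spec):
    """Split an NSD-style ACL address such as '192.168.1.3@53000' into
    (ip, port). A missing '@port' yields port None (any source port).
    Simplified model of the provide-xfr syntax, not NSD's own parser."""
    ip, _, port = spec.partition("@")
    return ip, (int(port) if port else None)


def acl_matches(spec, peer_ip, peer_port):
    """Return True if a TCP connection arriving from (peer_ip, peer_port)
    satisfies the ACL entry. Without '@port' only the IP is compared."""
    ip, port = parse_acl(spec)
    return ip == peer_ip and (port is None or port == peer_port)


def xfr_source_port(listen_port=53000):
    """Simulate the secondary: listen on listen_port, then open an
    *outgoing* TCP connection (as NSD does for AXFR/IXFR) and report
    (actual listening port, source port the kernel picked). Loopback only;
    pass 0 to let the kernel choose a free listening port."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind(("127.0.0.1", listen_port))
    server.listen(1)
    actual_listen = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", actual_listen))
    src_port = client.getsockname()[1]  # ephemeral, not the listen port
    conn, _ = server.accept()
    conn.close()
    client.close()
    server.close()
    return actual_listen, src_port


if __name__ == "__main__":
    listening, src = xfr_source_port(53000)
    # Constructed peer address standing in for DNS2 (192.168.1.3).
    strict = acl_matches("192.168.1.3@53000", "192.168.1.3", src)
    relaxed = acl_matches("192.168.1.3", "192.168.1.3", src)
    print(f"listening on {listening}, XFR connects from source port {src}")
    print(f"provide-xfr 192.168.1.3@53000 matches: {strict}")
    print(f"provide-xfr 192.168.1.3 matches: {relaxed}")
```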
