[nsd-users] Replication Failing
Peter Fraser
p_fraser at hotmail.com
Wed Jul 20 17:36:19 UTC 2022
Fantastic. Appreciate the response. Works perfectly now. Thank you very much.
________________________________
From: Anand Buddhdev <anandb at ripe.net>
Sent: Wednesday, July 20, 2022 9:32 AM
To: Peter Fraser <p_fraser at hotmail.com>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl>
Subject: Re: [nsd-users] Replication Failing
On 19/07/2022 18:55, Peter Fraser via nsd-users wrote:
Hi Peter,
This is a common misunderstanding with most people. They mistakenly
assume that if a process is listening on port X, that it will also
initiate outgoing connections from the same port X.
Even though your DNS2 NSD is _listening_ on port 53000, when it makes an
_outgoing_ TCP connection to DNS1 NSD for XFR of "my_domain.net", it
will use a random source port. However, you are _only_ allowing
connections from DNS2's IP and a specific source port in the
"provide-xfr" directive on DNS1's NSD. Just remove the @53000.
Regards,
Anand
> DNS1 with NSD.conf relevant settings
> IP: 192.168.1.2
> Unbound Port: 53
> NSD Port: 54000
>
> ip-address: 192.168.1.2
> do-ip4: yes
> port: 54000
> hide-version: yes
>
> pattern:
> name: "dns2"
> notify: 192.168.1.3@53000 NOKEY
> provide-xfr: 192.168.1.3@53000 NOKEY
> outgoing-interface: 192.168.1.2@54000
>
> zone:
> name: "my_domain.net"
> zonefile: my_domain.net.zone
> include-pattern: "dns2"
[snip]
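
The point made in the reply above, as an added example that is not part of the original thread or of NSD's code: a process that listens on one port still gets a kernel-chosen source port for its outgoing TCP connections, so an ACL entry pinned to the listening port rejects it. Assumptions: loopback sockets stand in for DNS1 and DNS2, the ports are picked by the OS rather than being 53000/54000, and `acl_allows` is a simplified, hypothetical model of `ip@port` matching as the reply describes it.

```python
import socket

def observe_source_port():
    """Return (listen_port, peer_ip, peer_port) for one outgoing TCP connection."""
    # Stand-in for DNS1's NSD: accepts the zone-transfer connection.
    primary = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    primary.bind(("127.0.0.1", 0))
    primary.listen(1)
    # Stand-in for DNS2's NSD: it *listens* on its own port (53000 in the thread).
    secondary_listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    secondary_listener.bind(("127.0.0.1", 0))
    secondary_listener.listen(1)
    listen_port = secondary_listener.getsockname()[1]
    # The XFR request leaves through a separate socket; the kernel picks its source port.
    outgoing = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    outgoing.connect(primary.getsockname())
    conn, (peer_ip, peer_port) = primary.accept()
    for s in (conn, outgoing, secondary_listener, primary):
        s.close()
    return listen_port, peer_ip, peer_port

def acl_allows(acl_entry, peer_ip, peer_port):
    """Simplified model (assumption): 'ip' matches any source port,
    'ip@port' also requires the peer's source port to equal 'port'."""
    ip, _, port = acl_entry.partition("@")
    return peer_ip == ip and (port == "" or int(port) == peer_port)

if __name__ == "__main__":
    listen_port, peer_ip, peer_port = observe_source_port()
    print(f"secondary listens on {listen_port}, primary saw source port {peer_port}")
    pinned = f"{peer_ip}@{listen_port}"
    print(f"ACL {pinned!r} allows transfer:", acl_allows(pinned, peer_ip, peer_port))
    print(f"ACL {peer_ip!r} allows transfer:", acl_allows(peer_ip, peer_ip, peer_port))
```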