notify rejected in unbound 1.16.3
Peter Hessler
phessler at theapt.org
Tue Nov 8 09:26:54 UTC 2022
Hi All,
I'm running unbound 1.16.3 as included in OpenBSD 7.2, and wanted to cache
a public zone on it. It is a caching resolver for a busy[1] website and
since I use lots of DNS entries in my configuration I want to have a
local copy of the zone already in the cache.
I added this stanza to my working configuration:

auth-zone:
    name: "example.com"
    primary: "ns.example.org"
    # allow-notify: "ns.example.org"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes

and configured my primary auth server to allow AXFR and send NOTIFYs to
this system. When I start unbound, it does an AXFR properly so it has
the data. However, when I send a NOTIFY I immediately get back a
rejected message. I've verified that the IP addresses are correct, and
even though it should automatically allow the primary to send notifies
I've tried with manually added allow-notify entries for both the
dual-stack hostname and for the raw IP address of the sending server.
Am I holding it wrong?
-peter
[1] Busy is subjective, but the logs scroll by faster than I can read
them.
--
God made machine language; all the rest is the work of man.