I would like to follow up on my previous message on the mailing list by saying that I have finally focused my issue to the tsig/ key ... The authoritative nsd1(master) & nsd2 (slave) after NOKEY change works without an issue and I'm able to get zone records; having said that, I would like to have the keys set up / DNSSEC.
When setting up keys, setting up allow-query, and setting up patterns on each zone the previous unbound log still occurs (refuse) BUT now I can see new logs in the NSD not previously available (SLAVE ns2 works with keys and without keys meaning it gets serial from each of the zones in master / no error in nsd log)...
The new logs entries after TSIG changes in nsd.log (Master):
[2022-12-10 19:17:57.370] nsd[6338]: info: query example.com. from DNS1 (unbound1_Global) refused, no acl matches .
[2022-12-10 19:17:57.778] nsd[6338]: info: query example.com. from DNS1 (unbound1_Local_Alias) refused, no acl matches .
[2022-12-10 19:17:57.370] nsd[6338]: info: query example.com. from DNS2 (unbound1_Global) refused, no acl matches .
[2022-12-10 19:17:57.778] nsd[6338]: info: query example.com. from DNS2 (unbound1_Local_Alias) refused, no acl matches .
This occurs every time I used drill/dig to get information on the NSD zones I set up with the key.
I have looked into the issues but I have not been able to find exactly what the log means no acl matches or how to remedy it because I was under the impression that with the allow-query option in the pattern section and adding it to the zones it would serve as an access control list for NSD (maybe there is something else I must add as an acl). Any assistance on properly configuring this final step would be appreciated, I am kind of stuck at the moment.