I have two hosts running NSD: the primary and the secondary. The first
is configured to send updates of zone to the secondary and the second is
configured to get updates from the first host.
Until I added additional IPv6 addresses (one additional for each host)
this setup worked well. After I added second IPv6 address I see errors
on primary host:
-------------------- 8< -------------------- 8< ------------------------
"xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
-------------------- 8< -------------------- 8< ------------------------
How I could "debug" this "REFUSED" error?
This is configuration for primary host:
-------------------- 8< -------------------- 8< ------------------------
server:
server-count: 1
ip-address: 185.185.68.15
ip-address: 2a0a:2b40::4:140
ip-transparent: yes
identity: "VL-LOMOV domain master DNS"
zonesdir: "/etc/nsd"
Until I added additional IPv6 addresses (one additional for each host)
this setup worked well. After I added second IPv6 address I see errors
on primary host:
-------------------- 8< -------------------- 8< ------------------------
"xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
-------------------- 8< -------------------- 8< ------------------------
If you have 2 IPv6 addresses on the same interface on the primary, then
the NOTIFY message over IPv6 may be originating from the wrong IPv6
address. See below.
How I could "debug" this "REFUSED" error?
This is configuration for primary host:
-------------------- 8< -------------------- 8< ------------------------
server:
server-count: 1
ip-address: 185.185.68.15
ip-address: 2a0a:2b40::4:140
NSD binds to this address for answering queries, but when it
*originates* a NOTIFY message, it does not use this address. It may be
using the other address. See below for how to solve it.
Until I added additional IPv6 addresses (one additional for each host)
this setup worked well. After I added second IPv6 address I see errors
on primary host:
-------------------- 8< -------------------- 8< ------------------------
"xfrd: zone ZONE: received notify response error REFUSED from [IPV6]"
-------------------- 8< -------------------- 8< ------------------------
If you have 2 IPv6 addresses on the same interface on the primary, then
the NOTIFY message over IPv6 may be originating from the wrong IPv6
address. See below.
How I could "debug" this "REFUSED" error?
This is configuration for primary host:
-------------------- 8< -------------------- 8< ------------------------
server:
server-count: 1
ip-address: 185.185.68.15
ip-address: 2a0a:2b40::4:140
NSD binds to this address for answering queries, but when it
*originates* a NOTIFY message, it does not use this address. It may be
using the other address. See below for how to solve it.
Add "outgoing-interface: 2a0a:2b40::4:140" here. This allows NSD to send
NOTIFY messages from the address that the secondary is expecting.
I already thought about "strange" situation when NSD runs on host with
two IPv6 but didn't take into account that it can use different outgoing
interface than the notify address.