Notify refused, no acl matches

Hi Dears,

I’m new to NSD and I’m trying to test it

I see other topics about it but I think that’s not the same issue

I have two machines:

  • One authoritative server using bind9
  • One secondary server using NSD

I’m confused about NSD config, could someone help me with it?

My authoritative server has the following configuration:

nsd[202429]: info: zone foo.bar serial [NUMBER HERE] is updated to [NUMBER HERE]

there is so much obfuscation here, that IMO it's impossible to assist you.
Honestly, now, you're even obfuscating SOA serial numbers?! Obfuscation taken
to a completely new level.

  -JP

Hi Alexander,

Seems to me the primary is configured correctly as far as notify
messages go. Presumably, the address from which the notify is sent is
different, or perhaps the key doesn't match.

It is probably easiest to use something like ldns-notify to test what
the exact issue is. At least, that's the route I'd take. Don't think
you need to test with actual zone updates, just send a notify and NSD
will figure out there's no new information once it passes the acl.

- Jeroen


Hi JP

I’m sorry
Consider something like that:

nsd[255715]: [2022-07-01 12:28:51.766] nsd[255715]: info: zone foo.bar serial 53 is updated to 54

Thanks


Hi Jeroen

Thanks for the answer

Testing with ldns-notify, all seems to work OK

ldns-notify -z foo.bar -I X.X.X.X -y upd_key:KEY_B_HERE Z.Z.Z.Z

So my secondary server received the update with no error

nsd[256548]: info: notify for foo.bar. from X.X.X.X

But if I try to update the zone, expecting BIND to notify it, my secondary server still has the same error:

nsd[256740]: info: notify for foo.bar. from X.X.X.X. refused, no acl matches.

:frowning:

Hi,

The TSIG key to sign NOTIFY seems to be missing in your BIND9 configuration.
( it should be
   also-notify { Z.Z.Z.Z key upd_key; };
etc.)

NSD's allow-notify ACL with a TSIG key requires
- source IP address matches, and
- good TSIG signature by the key
for incoming NOTIFY messages.
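To make the reply above concrete, here is an added example of the matching statements on both sides. It is not from the original thread or from the BIND/NSD projects; it reuses the thread's placeholders (upd_key, KEY_B_HERE, X.X.X.X for the BIND primary, Z.Z.Z.Z for the NSD secondary), and the zone file paths, the choice of hmac-sha256 and the `notify explicit` setting are assumptions. The key name, algorithm and base64 secret must be identical on both servers, and if you keep testing with ldns-notify its `-y` option must carry the same algorithm as a third field (it defaults to hmac-md5).

```conf
# --- named.conf on the BIND9 primary (assumed file; Z.Z.Z.Z is the NSD secondary) ---
key "upd_key" {
    algorithm hmac-sha256;          # assumed; must be the same as in nsd.conf
    secret "KEY_B_HERE";            # placeholder for the shared base64 secret
};

zone "foo.bar" {
    type primary;                   # "type master;" on older BIND 9 releases
    file "/etc/bind/db.foo.bar";    # assumed path
    # Send NOTIFY only to the listed targets, so the message to the NSD box
    # is always the signed one and never an unsigned copy derived from the NS RRset.
    notify explicit;
    also-notify { Z.Z.Z.Z key upd_key; };
    # Let the same secondary pull the zone with the same key.
    allow-transfer { key upd_key; };
};

# --- nsd.conf on the NSD secondary (assumed file; X.X.X.X is the BIND primary) ---
key:
    name: "upd_key"
    algorithm: hmac-sha256
    secret: "KEY_B_HERE"

zone:
    name: "foo.bar"
    zonefile: "foo.bar.zone"        # assumed path, relative to zonesdir
    # Both conditions must hold for the NOTIFY to pass this ACL:
    # source address X.X.X.X AND a valid TSIG signature by upd_key.
    # An unsigned NOTIFY from X.X.X.X is logged as "refused, no acl matches".
    allow-notify: X.X.X.X upd_key
    # Fetch the zone from the primary with the same key.
    request-xfr: X.X.X.X upd_key
```

A fresh secret in the BIND `key` format can be produced with `tsig-keygen -a hmac-sha256 upd_key` (shipped with BIND 9.11 and later); paste the same base64 string into the NSD `secret:` line. After reloading both servers, bump the SOA serial on the primary and watch the NSD log for the "notify for foo.bar." line followed by the serial update, rather than the "refused" line.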

Hi,