Hello again,
here is my second problem for today.
nsdc update at a slave server failed with this:
Sending notify to localhost to update secondary zones...
Jan 03 13:41:25 nsd-notify[7399]: warning: no local address family matches remote address family, skipping server '127.0.0.1'
Jan 03 13:41:25 nsd-notify[7400]: warning: bad reply from ::1 for zone example.com., error response REFUSED (5).
If I remove the difffile, xfrdfile and database,
rebuild the database and start nsd, then the slave fetches the zones from the master.
All zone transfers and notifies are configured to use IPv6 and TSIG.
Both servers do not listen on 127.0.0.1 or ::1.
nsd-master.conf:
zone:
    name: "example.com"
    zonefile: "/etc/nsd/zones/example.com"
    notify: <slaves ipv6 address> notify-key
    provide-xfr: <slaves ipv6 address> xfer-key
    outgoing-interface: <master ipv6 address> NOKEY
    allow-axfr-fallback: yes
nsd-slave.conf:
zone:
    name: "example.com"
    zonefile: "/etc/nsd/zones.slave/example.com"
    allow-notify: 127.0.0.1 NOKEY
    allow-notify: ::1 NOKEY
    allow-notify: <master ipv6 address> notify-key
    request-xfr: AXFR <master ipv6 address> xfer-key
    outgoing-interface: <slave ipv6 address> NOKEY
    allow-axfr-fallback: yes
both config-files:
key:
    name: "notify-key"
    algorithm: "hmac-md5"
    secret: "<base64-data>"
key:
    name: "xfer-key"
    algorithm: "hmac-sha256"
    secret: "<base64-data>"
Funny to note that the notify-key cannot be hmac-sha256 ...
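
Added example, not part of the original post and not NSD project code: a small audit of an nsd.conf-style file like the one above. It lists ACL entries that use NOKEY (the peer is accepted without TSIG), keys that use hmac-md5, and ACL entries that name a key with no key: clause. The addresses, secrets and the audit() helper are constructed for illustration, and the parser assumes only the "attribute: value" layout shown in the post.

```python
import re
# Constructed sample modelled on the slave configuration in the post (placeholders only).
SAMPLE_CONF = """\
key:
    name: "notify-key"
    algorithm: "hmac-md5"
    secret: "PLACEHOLDER="
key:
    name: "xfer-key"
    algorithm: "hmac-sha256"
    secret: "PLACEHOLDER="
zone:
    name: "example.com"
    allow-notify: 127.0.0.1 NOKEY
    allow-notify: ::1 NOKEY
    allow-notify: 2001:db8::1 notify-key
    request-xfr: AXFR 2001:db8::1 xfer-key
"""
ACL_ATTRS = {"allow-notify", "notify", "provide-xfr", "request-xfr"}

def audit(conf_text):
    """Return (kind, detail) findings about TSIG use in nsd.conf-style text."""
    keys, acls, section, zone, key = {}, [], None, None, None
    for raw in conf_text.splitlines():
        m = re.match(r"([\w-]+):\s*(.*)$", raw.split("#", 1)[0].strip())
        if not m:
            continue
        attr, value = m.group(1), m.group(2).strip().strip('"')
        if not value:                      # bare "key:" / "zone:" opens a clause
            section = attr
        elif section == "key" and attr == "name":
            key = value
        elif section == "key" and attr == "algorithm":
            keys[key] = value.lower()
        elif section == "zone" and attr == "name":
            zone = value
        elif section == "zone" and attr in ACL_ATTRS and len(value.split()) >= 2:
            peer, ref = value.split()[-2:]  # last two tokens: address, key reference
            acls.append((zone, attr, peer, ref))
    findings = [("weak-algorithm", n) for n, alg in keys.items() if alg == "hmac-md5"]
    for zone, attr, peer, ref in acls:
        if ref == "NOKEY":                 # no TSIG required for this peer
            findings.append(("unsigned-acl", f"{zone} {attr} {peer}"))
        elif ref != "BLOCKED" and ref not in keys:
            findings.append(("undefined-key", f"{zone} {attr} {ref}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```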