[Opendnssec-user] Re: ODS 1.4.0 trunk - ACL notify doesn't work

Daniel Salzman daniel.salzman at nic.cz
Thu May 24 07:45:31 UTC 2012


Additional information:

Tested with Bind as a master.

1) IPv4 notify without TSIG: OK
2) IPv4 notify with TSIG: refused
3) IPv6 notify without TSIG: refused
4) IPv6 notify with TSIG: refused

Dan

On 05/23/2012 04:16 PM, Daniel Salzman wrote:
> Hi,
> I don't understand how to set up
> Adapter/DNS/Inbound/AllowNotify/Peer/Prefix.
>
> It doesn't matter which address or prefix I use (for IPv4 with the same
> result, I think). In all cases "no acl matches".
>
>
> For <Prefix>2001:1488:ac14:1400::/24</Prefix>:
>
> May 23 15:52:58 dsl-test ods-signerd: [socket] incoming udp message
> May 23 15:52:58 dsl-test ods-signerd: [query] tsig ok
> May 23 15:52:58 dsl-test ods-signerd: [query] incoming notify for zone
> aaa.cz
> May 23 15:52:58 dsl-test ods-signerd: [query] notify for zone aaa.cz
> from client 2001:1488:ac14:1400:dd0e:13ae:a784:97da refused: no acl matches
> May 23 15:52:58 dsl-test ods-signerd: [query] refused
> May 23 15:52:58 dsl-test ods-signerd: [socket] query processed qstate=0
> May 23 15:52:58 dsl-test ods-signerd: [socket] sending 162 bytes over udp
> May 23 15:52:58 dsl-test ods-signerd: [dnshandler] netio dispatch
>
> ==============
>
> For <Prefix>2001:1488:ac14:1400:dd0e:13ae:a784:97da</Prefix>:
>
> May 23 15:50:35 dsl-test ods-signerd: [socket] incoming udp message
> May 23 15:50:35 dsl-test ods-signerd: [query] tsig ok
> May 23 15:50:35 dsl-test ods-signerd: [query] incoming notify for zone
> aaa.cz
> May 23 15:50:35 dsl-test ods-signerd: [acl] no match: tsig present but
> no config
> May 23 15:50:35 dsl-test ods-signerd: [query] notify for zone aaa.cz
> from client 2001:1488:ac14:1400:dd0e:13ae:a784:97da refused: no acl matches
> May 23 15:50:35 dsl-test ods-signerd: [query] refused
> May 23 15:50:35 dsl-test ods-signerd: [socket] query processed qstate=0
> May 23 15:50:35 dsl-test ods-signerd: [socket] sending 162 bytes over udp
> May 23 15:50:35 dsl-test ods-signerd: [dnshandler] netio dispatch
>
> Thanks
> Dan



More information about the Opendnssec-user mailing list