[Opendnssec-user] ODS 1.4.0 trunk - ACL notify doesn't work
Matthijs Mekking
matthijs at nlnetlabs.nl
Thu May 24 08:29:36 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Daniel,
Could you share (off list if you want) the addns.xml and the <Zone>
part from zonelist.xml that is causing this?
Best regards,
Matthijs
On 05/23/2012 04:16 PM, Daniel Salzman wrote:
> Hi, I don't understand how to set up
> Adapter/DNS/Inbound/AllowNotify/Peer/Prefix.
>
> It doesn't matter which address or prefix I use (for IPv4 with the
> same result, I think). In all cases "no acl matches".
>
>
> For <Prefix>2001:1488:ac14:1400::/24</Prefix>:
>
> May 23 15:52:58 dsl-test ods-signerd: [socket] incoming udp message
> May 23 15:52:58 dsl-test ods-signerd: [query] tsig ok May 23
> 15:52:58 dsl-test ods-signerd: [query] incoming notify for zone
> aaa.cz May 23 15:52:58 dsl-test ods-signerd: [query] notify for
> zone aaa.cz from client 2001:1488:ac14:1400:dd0e:13ae:a784:97da
> refused: no acl matches May 23 15:52:58 dsl-test ods-signerd:
> [query] refused May 23 15:52:58 dsl-test ods-signerd: [socket]
> query processed qstate=0 May 23 15:52:58 dsl-test ods-signerd:
> [socket] sending 162 bytes over udp May 23 15:52:58 dsl-test
> ods-signerd: [dnshandler] netio dispatch
>
> ==============
>
> For <Prefix>2001:1488:ac14:1400:dd0e:13ae:a784:97da</Prefix>:
>
> May 23 15:50:35 dsl-test ods-signerd: [socket] incoming udp message
> May 23 15:50:35 dsl-test ods-signerd: [query] tsig ok May 23
> 15:50:35 dsl-test ods-signerd: [query] incoming notify for zone
> aaa.cz May 23 15:50:35 dsl-test ods-signerd: [acl] no match: tsig
> present but no config May 23 15:50:35 dsl-test ods-signerd:
> [query] notify for zone aaa.cz from client
> 2001:1488:ac14:1400:dd0e:13ae:a784:97da refused: no acl matches
> May 23 15:50:35 dsl-test ods-signerd: [query] refused May 23
> 15:50:35 dsl-test ods-signerd: [socket] query processed qstate=0
> May 23 15:50:35 dsl-test ods-signerd: [socket] sending 162 bytes
> over udp May 23 15:50:35 dsl-test ods-signerd: [dnshandler] netio
> dispatch
>
> Thanks Dan _______________________________________________
> Opendnssec-user mailing list Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPvfFwAAoJEA8yVCPsQCW5bSwH+gKBx3tMn8JdeKOGV2Q/irJn
8PQVj6AHM/Jp3T7O3QmvAHLiBdwPC5sC4+TuLfXMU3w4fCP94A+FREkPnLaBYtl9
lKJwbGmoVIomJn5/HZbOEuq1sxEbwGvOBO2nowRLfL+tonuDQ0HmCDFGGvqR28wv
27fcvLknUAsJ/aPWHvPuX+GWXZoNcyGSHSRzhQ36dHCrDFvXDPMxxuhikdV5MvYd
6RurN8zpf3FD/W1ZHT8LqtroOAuABBLiV3AKogja/hdqOKylcnSCzEC4guFAH0u+
Oa4mGnVx3UEsbDWYPMSSoYaZ1G5EH1OY0sACwdPZEPFiyiXBiYPuQsb/lKcgZNc=
=cviM
-----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list