[Opendnssec-user] ODS 1.4.0 trunk - ACL notify doesn't work
Daniel Salzman
daniel.salzman at nic.cz
Thu May 24 12:36:44 UTC 2012
Hi,
sorry, it was my mistake. I didn't have a <key> in <AllowNotify>.
The examples and doc don't contain it and I didn't analyze source :-)
Thanks a lot,
Dan
On 05/24/2012 10:29 AM, Matthijs Mekking wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Daniel,
>
> Could you share (off list if you want) the addns.xml and the<Zone>
> part from zonelist.xml that is causing this?
>
> Best regards,
> Matthijs
>
>
> On 05/23/2012 04:16 PM, Daniel Salzman wrote:
>> Hi, I don't understand how to set up
>> Adapter/DNS/Inbound/AllowNotify/Peer/Prefix.
>>
>> It doesn't matter which address or prefix I use (for IPv4 with the
>> same result, I think). In all cases "no acl matches".
>>
>>
>> For<Prefix>2001:1488:ac14:1400::/24</Prefix>:
>>
>> May 23 15:52:58 dsl-test ods-signerd: [socket] incoming udp message
>> May 23 15:52:58 dsl-test ods-signerd: [query] tsig ok May 23
>> 15:52:58 dsl-test ods-signerd: [query] incoming notify for zone
>> aaa.cz May 23 15:52:58 dsl-test ods-signerd: [query] notify for
>> zone aaa.cz from client 2001:1488:ac14:1400:dd0e:13ae:a784:97da
>> refused: no acl matches May 23 15:52:58 dsl-test ods-signerd:
>> [query] refused May 23 15:52:58 dsl-test ods-signerd: [socket]
>> query processed qstate=0 May 23 15:52:58 dsl-test ods-signerd:
>> [socket] sending 162 bytes over udp May 23 15:52:58 dsl-test
>> ods-signerd: [dnshandler] netio dispatch
>>
>> ==============
>>
>> For<Prefix>2001:1488:ac14:1400:dd0e:13ae:a784:97da</Prefix>:
>>
>> May 23 15:50:35 dsl-test ods-signerd: [socket] incoming udp message
>> May 23 15:50:35 dsl-test ods-signerd: [query] tsig ok May 23
>> 15:50:35 dsl-test ods-signerd: [query] incoming notify for zone
>> aaa.cz May 23 15:50:35 dsl-test ods-signerd: [acl] no match: tsig
>> present but no config May 23 15:50:35 dsl-test ods-signerd:
>> [query] notify for zone aaa.cz from client
>> 2001:1488:ac14:1400:dd0e:13ae:a784:97da refused: no acl matches
>> May 23 15:50:35 dsl-test ods-signerd: [query] refused May 23
>> 15:50:35 dsl-test ods-signerd: [socket] query processed qstate=0
>> May 23 15:50:35 dsl-test ods-signerd: [socket] sending 162 bytes
>> over udp May 23 15:50:35 dsl-test ods-signerd: [dnshandler] netio
>> dispatch
>>
>> Thanks Dan _______________________________________________
>> Opendnssec-user mailing list Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPvfFwAAoJEA8yVCPsQCW5bSwH+gKBx3tMn8JdeKOGV2Q/irJn
> 8PQVj6AHM/Jp3T7O3QmvAHLiBdwPC5sC4+TuLfXMU3w4fCP94A+FREkPnLaBYtl9
> lKJwbGmoVIomJn5/HZbOEuq1sxEbwGvOBO2nowRLfL+tonuDQ0HmCDFGGvqR28wv
> 27fcvLknUAsJ/aPWHvPuX+GWXZoNcyGSHSRzhQ36dHCrDFvXDPMxxuhikdV5MvYd
> 6RurN8zpf3FD/W1ZHT8LqtroOAuABBLiV3AKogja/hdqOKylcnSCzEC4guFAH0u+
> Oa4mGnVx3UEsbDWYPMSSoYaZ1G5EH1OY0sACwdPZEPFiyiXBiYPuQsb/lKcgZNc=
> =cviM
> -----END PGP SIGNATURE-----
More information about the Opendnssec-user
mailing list