[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?

PGNet Dev pgnet.dev at gmail.com
Tue Dec 27 14:32:40 UTC 2016

On 12/27/2016 01:36 AM, Berry A.W. van Halderen wrote:
> So I think that TSIG authorization isn't supported (yet) for
> OpenDNSSEC.  There is a bit of rationale why for inbound xfers
> it is less used.  Most of the times OpenDNSSEC is used where
> the incoming zones are from a secured path anyway.  Securing
> by just restricting the address is enough.
> Because it the setup you're looking for you are using
>, this might be the case as well and just removing
> the requirement from the bind definition to require TSIGs
> from will make this work.
> Yes the documentation does not explicitly state this and it is
> certainly a feature worth implementing.

IIUC, you're talking about inbound transfer from bind to ods.

As in my latest summary post, I'm not currently having problems with the 
inbound transfer; it's working.

It's the OUTBOUND notify, in my case from ods to the secondary nsd4 
instance, that's failing.

More information about the Opendnssec-user mailing list