[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?
PGNet Dev
pgnet.dev at gmail.com
Tue Dec 27 14:32:40 UTC 2016
On 12/27/2016 01:36 AM, Berry A.W. van Halderen wrote:
> So I think that TSIG authorization isn't supported (yet) for
> OpenDNSSEC. There is a bit of rationale why for inbound xfers
> it is less used. Most of the times OpenDNSSEC is used where
> the incoming zones are from a secured path anyway. Securing
> by just restricting the address is enough.
>
> Because it the setup you're looking for you are using
> 127.0.0.1, this might be the case as well and just removing
> the requirement from the bind definition to require TSIGs
> from 127.0.0.1 will make this work.
>
> Yes the documentation does not explicitly state this and it is
> certainly a feature worth implementing.
IIUC, you're talking about inbound transfer from bind to ods.
As in my latest summary post, I'm not currently having problems with the
inbound transfer; it's working.
It's the OUTBOUND notify, in my case from ods to the secondary nsd4
instance, that's failing.
More information about the Opendnssec-user
mailing list