[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?

Berry A.W. van Halderen berry at nlnetlabs.nl
Tue Dec 27 15:04:56 UTC 2016

On 12/27/2016 03:32 PM, PGNet Dev wrote:
> On 12/27/2016 01:36 AM, Berry A.W. van Halderen wrote:
>> So I think that TSIG authorization isn't supported (yet) for
>> OpenDNSSEC.  There is a bit of rationale why for inbound xfers
>> it is less used.  Most of the times OpenDNSSEC is used where
>> the incoming zones are from a secured path anyway.  Securing
>> by just restricting the address is enough.
>> Because it the setup you're looking for you are using
>>, this might be the case as well and just removing
>> the requirement from the bind definition to require TSIGs
>> from will make this work.
>> Yes the documentation does not explicitly state this and it is
>> certainly a feature worth implementing.
> IIUC, you're talking about inbound transfer from bind to ods.
> As in my latest summary post, I'm not currently having problems with the
> inbound transfer; it's working.
> It's the OUTBOUND notify, in my case from ods to the secondary nsd4
> instance, that's failing.

A, but initially it was the /inbound/ you were trying to get up and
running.  Later on you modified your addns.xml to:

> cat addns.xml
  <?xml version="1.0" encoding="UTF-8"?>

The Remote section here is missing the Key-reference.


More information about the Opendnssec-user mailing list