[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?
Berry A.W. van Halderen
berry at nlnetlabs.nl
Tue Dec 27 15:04:56 UTC 2016
On 12/27/2016 03:32 PM, PGNet Dev wrote:
> On 12/27/2016 01:36 AM, Berry A.W. van Halderen wrote:
>> So I think that TSIG authorization isn't supported (yet) for
>> OpenDNSSEC. There is a bit of rationale why for inbound xfers
>> it is less used. Most of the times OpenDNSSEC is used where
>> the incoming zones are from a secured path anyway. Securing
>> by just restricting the address is enough.
>> Because it the setup you're looking for you are using
>> 127.0.0.1, this might be the case as well and just removing
>> the requirement from the bind definition to require TSIGs
>> from 127.0.0.1 will make this work.
>> Yes the documentation does not explicitly state this and it is
>> certainly a feature worth implementing.
> IIUC, you're talking about inbound transfer from bind to ods.
> As in my latest summary post, I'm not currently having problems with the
> inbound transfer; it's working.
> It's the OUTBOUND notify, in my case from ods to the secondary nsd4
> instance, that's failing.
A, but initially it was the /inbound/ you were trying to get up and
running. Later on you modified your addns.xml to:
> cat addns.xml
<?xml version="1.0" encoding="UTF-8"?>
The Remote section here is missing the Key-reference.
More information about the Opendnssec-user