[Opendnssec-user] ods2 AXFR request to nameserver fails, reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen?
pgnet.dev at gmail.com
Wed Dec 28 13:54:33 UTC 2016
On 12/28/2016 02:27 AM, Berry A.W. van Halderen wrote:
> So the NOTIFY gets as source address 127.0.0.1 while it is being
> sent to 10.2.2.53. That is an "invalid argument" to the operating
> system. If you reverse the two interfaces probably things start
Unfortunately, though behavior IS apparently sensitive to that order,
they just fail *differently*.
> You might wonder why we bind to an interface at all
No, not at all. I however do wonder why a bind "per target (or action)"
is not implemented, perhaps using multiple-sockets ....
> Also it is often the case that explicit security is used to require
> NOTIFies to be sent using an explicit source address. So it is
> better to bind in these cases.
If explicit security is in fact a consideration, as I'd hope it would
be, then making any 'guesses' is not a reliable approach.
Postfix, as an example of an app that provides such explicit security, does
an excellent job of allowing bind-address specified per action/daemon ...
> I'm afraid it is just one of those things that can go wrong in an
> extended set-up.
I wouldn't have considered a commonplace primary + secondary setup to be
an 'extended' setup ...
In any case, is this extended setup something you intended to cleanly
Simply need to know one way or the other. If so, great. If not, then I
need to use a different approach to DNSSEC automation here.
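
The per-target bind raised in this message, sketched as an added example; it is not OpenDNSSEC code and not from either participant. The `notify_target` struct and both function names are hypothetical. Each target carries an explicitly configured source address, and the loopback-source / non-loopback-target pairing from the thread (127.0.0.1 to 10.2.2.53) is rejected before any socket is opened.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical per-target table: each NOTIFY target names its own source. */
struct notify_target { const char *dst; const char *src; };

/* 1 if the IPv4 address is in 127.0.0.0/8, 0 if not, -1 if unparsable. */
static int is_loopback(const char *ip)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    return (ntohl(a.s_addr) >> 24) == 127;
}

/* Reject the pairing from the thread: loopback source, non-loopback target.
 * Returns 0 if the pair is usable, -1 otherwise. */
int check_pair(const struct notify_target *t)
{
    int s = is_loopback(t->src), d = is_loopback(t->dst);
    if (s < 0 || d < 0)
        return -1;
    return (s && !d) ? -1 : 0;
}

/* One UDP socket per target, bound to that target's configured source.
 * Returns the fd, or -1 if the pair is rejected or bind() fails. */
int open_notify_socket(const struct notify_target *t)
{
    struct sockaddr_in sa;
    int fd;

    if (check_pair(t) != 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = 0;                       /* ephemeral source port */
    inet_pton(AF_INET, t->src, &sa.sin_addr);
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```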