[Opendnssec-user] ods2 AXFR request to nameserver fails, reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen?

Berry A.W. van Halderen berry at nlnetlabs.nl
Wed Dec 28 15:24:40 UTC 2016


On 12/28/2016 02:54 PM, PGNet Dev wrote:
> On 12/28/2016 02:27 AM, Berry A.W. van Halderen wrote:
>> So the NOTIFY gets as source address 127.0.0.1 while it is being
>> sent to 10.2.2.53.  That is an "invalid argument" to the operating
>> system.  If you reverse the two interfaces probably things start
>> working.
> 
> Unfortunately, though behavior IS apparently sensitive to that order,
> they just fail *differently*.

Then how *does* that fail then?

On 12/28/2016 03:01 PM, PGNet Dev wrote:
> On 12/28/2016 05:54 AM, PGNet Dev wrote:
>> Postfix, as an example of an app that provides such explicit security, does
>> an excellent job of allowing bind-address specified per action/daemon ...
> And, apparently, so does nsd4, although on a per-zone basis, using its
>     "outgoing-interface:"
> param.

Different programs, different requirements.
All in all, the outgoing interface needs to be able to reach the
destination, if not all slave servers are on the same network,
you would need to be able to specify an outgoing-interface on a
per destination basis.  It will get very hairy then.
So far, the assumption of the primary address had been good enough.
We can always extend functionality.

\Berry
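
The source/destination pairing discussed in this message (127.0.0.1 as source, 10.2.2.53 as destination) can be checked before a daemon is started. The following is an added example, not part of the original thread and not OpenDNSSEC or NSD code; the function names `preflight`, `probe` and `audit` are hypothetical, and the 10.2.2.1 address in the comments is constructed.

```python
import errno
import ipaddress
import socket


def preflight(source, destination):
    """Static check: reasons the OS would refuse to send from source to destination."""
    src = ipaddress.ip_address(source)
    dst = ipaddress.ip_address(destination)
    problems = []
    if src.version != dst.version:
        problems.append("address family mismatch")
    elif src.is_loopback and not dst.is_loopback:
        # The case from the thread: 127.0.0.1 -> 10.2.2.53
        problems.append("loopback source cannot reach non-loopback destination")
    return problems


def audit(source, targets):
    """Check one configured source address against every NOTIFY/AXFR peer."""
    return {target: preflight(source, target) for target in targets}


def probe(source, destination, port=53):
    """Live check: bind a UDP socket to source, then connect() to destination.

    connect() on a UDP socket sends no packet; it only makes the kernel
    select a route, so a bad pairing comes back as an errno name and
    nothing appears in a packet capture. Returns None when accepted.
    """
    family = socket.AF_INET6 if ":" in source else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        try:
            sock.bind((source, 0))
            sock.connect((destination, port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    return None


if __name__ == "__main__":
    # Addresses from the thread; a routable source such as 10.2.2.1
    # (constructed) would be the corrected setting.
    for dst in ("127.0.0.1", "10.2.2.53"):
        print(dst, preflight("127.0.0.1", dst), probe("127.0.0.1", dst))
```

The errno that `probe` reports depends on the host's routing table, so treat `preflight` as the portable check and `probe` as confirmation on the machine that will send the NOTIFY.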



