[Opendnssec-user] ods2 AXFR request to nameserver fails, reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen?

PGNet Dev pgnet.dev at gmail.com
Wed Dec 28 15:36:39 UTC 2016


On 12/28/2016 07:24 AM, Berry A.W. van Halderen wrote:
>> Unfortunately, though behavior IS apparently sensitive to that order,
>> they just fail *differently*.
>
> Then how *does* that fail then?

Bottom line, it doesn't work.  As to the details, I'll have to 
re-diagnose & re-gather details if I stick with it ...

> On 12/28/2016 03:01 PM, PGNet Dev wrote:
> Different programs,

yes

> different requirements.

Depends what you're talking about.

If the requirement is to be able to "address" & communicate securely 
with different endpoints differently, then no -- not so different.

> All in all, the outgoing interface needs to be able to reach the
> destination, if not all slave servers are on the same network,

Which is in my own experience a far more frequent situation than having 
multiple slaves on the SAME network, where typically a properly sized 
single nameserver + network work well enough.

TBH, it's a headscratcher for me that the option for different IPs is 
provided in inbound/outbound DNS adapters, but that the argument is that 
that's not how it's supposed to work ...

If I can't talk to different servers, and automate it all, what's the 
point?

> you would need to be able to specify an outgoing-interface on a
> per destination basis.

Sure, that's one approach.

> It will get very hairy then.

Sorry, I don't buy that as a necessary fact.  Again, nsd4 manages well 
enough ...

> So far, the assumption that the primary address, had been good enough.

??

> We can always extend functionality.

That's the basis for my previous question -- will, vs can?


