[Opendnssec-user] ods2 AXFR request to nameserver fails , reports "bad packet: ... received error code NOTAUTH", but no traffic (tcpdump) seen ?
pgnet.dev at gmail.com
Wed Dec 28 15:36:39 UTC 2016
On 12/28/2016 07:24 AM, Berry A.W. van Halderen wrote:
>> Unfortunately, though behavior IS apparently sensitive to that order,
>> they just fail *differently*.
> Then how *does* that fail then?
Bottom line, it doesn't work. As to the details, I'll have to
re-diagnose & re-gather details if I stick with it ...
> On 12/28/2016 03:01 PM, PGNet Dev wrote:
> Different programs,
> different requirements.
Depends what you're talking about.
If the requirement is to be able to "address" & communicate securely
with different endpoints differently, then no -- not so different.
> All in all, the outgoing interface needs to be able to reach the
> destination, if not all slave servers are on the same network,
Which is in my own experience a far more frequent situation than having
multiple slaves on the SAME network, where typically a properly sized
single nameserver + network work well enough.
TBH, it's a headscratcher for me that the option for different IPs is
provided in inbound/outbound DNS adapters, but that the argument is that
that's now how it's supposed to work ...
If I can't talk to different servers, and automate it all, what's the
> you would need to be able to specify a outgoing-interface on a
> per destination basis.
Sure, that's one approach.
> It will get very hairy then.
Sorry, I don't buy that as a necessary fact. Again, nsd4 manages well
> So far, the assumption that the primary address, had been good enough.
> We can always extend functionality.
That's the basis for my previous question -- will, vs can?
More information about the Opendnssec-user