[Opendnssec-user] How to specify outbound IP address for notify

Abdulkareem H. Ali kareem.ali at centralnic.com
Thu Oct 3 14:28:09 UTC 2019


Hi Mike,


First make sure that the IP is configured and up on the box, then make
sure that nothing else on the same box is using that IP and listening on
port 53.


We use your exact configs on our boxes, although in `conf.xml`, and it
works fine. However, we don't actually use it to send notifies; we use
the <NotifyCommand> in the <Signer> section to call a script that does
extra checks for us and reloads a local bind instance that eventually
will send DNS NOTIFYs to slaves.


<NotifyCommand>/path/to/customscript %zone</NotifyCommand>


Kareem.


On 01/10/2019 15:29, Mike wrote:
> On 9/30/2019 12:36 PM, Mike wrote:
>> What I want to do:
>>
>> I am trying to configure the Outbound section of
>> adddns.xml/Adapter/DNS/Outbound
>>
>> to use a specific outbound IP address.
>>
>>
>> [snip]
>>
>> So my question is:
>>
>> How do I specify the address that Notify binds to when it is sending a
>> notify message to my slave server?
>>
>> thx.
>
> Some more info on this perplexity...
>
> This subset of the Signer section of conf.xml:
>
>
>         <Listener>
>                 <Interface>
>                         <Address>2607:f2f8:af30::53</Address>
>                         <Port>53</Port>
>                 </Interface>
>         </Listener>
>
> produces this result when I start opendnssec (fwiw, I'm running on
> FreeBSD 12.0, using the opendnssec pkg):
>
>    # sockstat -6w
>    USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS
>    root     ods-signer 27391 8  udp6   2607:f2f8:af30::53:53
>    root     ods-signer 27391 9  tcp6   2607:f2f8:af30::53:53
>
> So it looks as if ods-signer is binding to the address/port specified
> upon startup.
>
>
> When I sign a domain, I see this in the log file
> (verbosity is at level 6)
>
> 2019-10-01T10:23:33.428968-04:00 ods-signerd[27391]: [notify] handle
> notify for zone mcmli.com
>
> 2019-10-01T10:23:33.429042-04:00 ods-signerd[27391]: [notify] notify
> timeout for zone mcmli.com
>
> 2019-10-01T10:23:33.429419-04:00 ods-signerd[27391]: [notify] unable to
> bind address 2607:f2f8:af30::53: bind() failed Can't assign requested
> address
>
> 2019-10-01T10:23:33.429536-04:00 ods-signerd[27391]: [notify] unable to
> send notify retry 1 for zone mcmli.com to [slave server]
> notify_send_udp() failed
>
>
> It looks as if the notify command within signer is trying to bind to the
> same address (and same port?  I can't tell.) that it is already bound to.
>
> What am I doing incorrectly?
>
> thx.

-- 
Abdulkareem H. Ali
Operations Team Leader
CentralNic Group PLC
London Stock Exchange Symbol: CNIC

+44 20 3388 0600
www.CentralNic.com

CentralNic Group PLC is a company registered in England and Wales with
company number 8576358. Registered Offices:  CentralNic, 4th Floor, Saddlers House, 44 Gutter Lane, London, EC2V 6BR.
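
An added example, not part of the original thread or of OpenDNSSEC: a Python check for the two conditions named in the reply (the address is configured and up on the box, and nothing else holds that address and port), done by attempting a bind() and classifying the errno. EADDRNOTAVAIL is the error FreeBSD reports as "Can't assign requested address". The function name, the verdict strings and the default of port 0 (ephemeral) are assumptions; the thread does not show which port the signer uses for outgoing notifies.

```python
import errno
import socket
import sys

# Map the bind() errors relevant to the thread to a short verdict.
VERDICTS = {
    errno.EADDRNOTAVAIL: "not-configured",  # address not on any local interface
    errno.EADDRINUSE: "in-use",             # another socket holds address:port
    errno.EACCES: "permission-denied",      # e.g. port < 1024 without privileges
}


def check_source_bind(address, port=0, proto=socket.SOCK_DGRAM):
    """Try to bind a socket to address:port and classify the outcome.

    Returns (verdict, detail). port=0 asks the kernel for an ephemeral
    port, which is an assumption about how a notify sender would bind.
    """
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    try:
        sock = socket.socket(family, proto)
    except OSError as exc:
        return "no-socket", exc.strerror
    with sock:
        try:
            sock.bind((address, port))
        except OSError as exc:
            return VERDICTS.get(exc.errno, "bind-failed"), exc.strerror
        host, bound_port = sock.getsockname()[:2]
        return "ok", f"{host} port {bound_port}"


if __name__ == "__main__":
    # Usage: check_bind.py ADDRESS [PORT]; checks both UDP and TCP.
    addr = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    for name, proto in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        verdict, detail = check_source_bind(addr, port, proto)
        print(f"{name} {addr} port {port}: {verdict} ({detail})")
```

Run it as the same user and in the same jail or network context as the daemon, passing the address from the configuration; a "not-configured" verdict for port 0 means the address itself is the problem, not the port.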



