[Pdns-users] AXFR chunk error: Server Not Authoritative for zone / Not Authorized

a b tripivceta at hotmail.com
Sun Sep 6 14:11:26 UTC 2015


> Yes. and I ment ALLOW-AXFR-FROM. You can use 
> 
> pdnssec set-meta
> 
> Command to set this value.

That is good to know, thank you.

# pdnssec set-meta ALLOW-AXFR-FROM '0.0.0.0/0'
Unable to set meta for 'ALLOW-AXFR-FROM'

It appears that "set-meta" is not documented in the 3.4.5's pdnssec manual page, so I am not sure what to put in there.
Does using the pdnssec command imply that I have to configure NSSEC?

Meanwhile, I discovered that if I set:

allow-axfr-ips=0.0.0.0/0

in pdns.conf, the AXFR semantics work as in pdns_server 3.1.

This seems odd, because a recursive diff between 3.1 and 3.4.5 comes up with the following:

--- pdns-3.4.1/pdns/common_startup.cc   Tue Oct 28 13:51:22 2014
+++ pdns-3.4.5/pdns/common_startup.cc   Tue Jun  9 14:29:04 2015
...
...
...
-  ::arg().set("slave-cycle-interval","Reschedule failed SOA serial checks once every .. seconds")="60";
+  ::arg().set("allow-notify-from","Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies.")="0.0.0.0/0,::/0";
+  ::arg().set("slave-cycle-interval","Schedule slave freshness checks once every .. seconds")="60";

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20150906/c020cd0b/attachment-0001.html>


More information about the Pdns-users mailing list