[Pdns-users] Notify being ignored

Remi Gacogne remi.gacogne at powerdns.com
Thu May 4 07:52:40 UTC 2017

On 05/04/2017 12:10 AM, David Jones wrote:
> I have a PowerDNS server setup as a slave and see this in my logs
> constantly:
> Received NOTIFY for example.com from but remote is not
> permitted by TSIG or allow-notify-from
> I was hoping to not have to maintain a long list of master IPs in the
> allow-notify-from.  One would think that the IP being listed in the
> domains.master table would automatically allow NOTIFYs for that
> domain.  One would also think that an IP being listed in the
> supermaster.ip table would allow NOTIFYs from that supermaster.
> Am I missing something?  Will I need to add something to the
> domainmetadata table to allow NOTIFYs?

'allow-notify-from' defaults to ',::/0', which allows
everything. Of course additional checks are performed afterwards, like
checking if the configuration requires a valid TSIG signature, whether
we are authoritative for the domain, that we are not master for it and
that the notifications comes from a known master or a super-master.


Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170504/33901cec/attachment.sig>

More information about the Pdns-users mailing list