[Pdns-users] Notify being ignored
Remi Gacogne
remi.gacogne at powerdns.com
Thu May 4 07:52:40 UTC 2017
On 05/04/2017 12:10 AM, David Jones wrote:
> I have a PowerDNS server setup as a slave and see this in my logs
> constantly:
>
> Received NOTIFY for example.com from 1.2.3.4 but remote is not
> permitted by TSIG or allow-notify-from
>
> I was hoping to not have to maintain a long list of master IPs in the
> allow-notify-from. One would think that the IP being listed in the
> domains.master table would automatically allow NOTIFYs for that
> domain. One would also think that an IP being listed in the
> supermaster.ip table would allow NOTIFYs from that supermaster.
>
> Am I missing something? Will I need to add something to the
> domainmetadata table to allow NOTIFYs?
'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows
everything. Of course additional checks are performed afterwards, like
checking if the configuration requires a valid TSIG signature, whether
we are authoritative for the domain, that we are not master for it and
that the notifications comes from a known master or a super-master.
Regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170504/33901cec/attachment.sig>
More information about the Pdns-users
mailing list