[Pdns-users] Notify being ignored
Fabian A. Santiago
fsantiago at garbage-juice.com
Thu May 4 10:09:08 UTC 2017
On May 4, 2017 3:52:40 AM EDT, Remi Gacogne <remi.gacogne at powerdns.com> wrote:
>On 05/04/2017 12:10 AM, David Jones wrote:
>> I have a PowerDNS server setup as a slave and see this in my logs
>> constantly:
>>
>> Received NOTIFY for example.com from 1.2.3.4 but remote is not
>> permitted by TSIG or allow-notify-from
>>
>> I was hoping to not have to maintain a long list of master IPs in the
>> allow-notify-from. One would think that the IP being listed in the
>> domains.master table would automatically allow NOTIFYs for that
>> domain. One would also think that an IP being listed in the
>> supermaster.ip table would allow NOTIFYs from that supermaster.
>>
>> Am I missing something? Will I need to add something to the
>> domainmetadata table to allow NOTIFYs?
>
>'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows
>everything. Of course additional checks are performed afterwards, like
>checking if the configuration requires a valid TSIG signature, whether
>we are authoritative for the domain, that we are not master for it and
>that the notifications comes from a known master or a super-master.
>
>Regards,
But aren't they saying that they have their slaves listed as supermasters but are still being ignored?
I thought I had noticed this happening too. I added mine to allow-notify-from...
--
Thanks.
Fabian S.
OpenPGP:
3c3fa072accb7ac5db0f723455502b0eeb9070fc
More information about the Pdns-users
mailing list