[Pdns-users] Notify being ignored

Fabian A. Santiago fsantiago at garbage-juice.com
Thu May 4 10:09:08 UTC 2017


On May 4, 2017 3:52:40 AM EDT, Remi Gacogne <remi.gacogne at powerdns.com> wrote:
>On 05/04/2017 12:10 AM, David Jones wrote:
>> I have a PowerDNS server set up as a slave and see this in my logs
>> constantly:
>> 
>> Received NOTIFY for example.com from 1.2.3.4 but remote is not
>> permitted by TSIG or allow-notify-from
>> 
>> I was hoping to not have to maintain a long list of master IPs in the
>> allow-notify-from.  One would think that the IP being listed in the
>> domains.master table would automatically allow NOTIFYs for that
>> domain.  One would also think that an IP being listed in the
>> supermaster.ip table would allow NOTIFYs from that supermaster.
>> 
>> Am I missing something?  Will I need to add something to the
>> domainmetadata table to allow NOTIFYs?
>
>'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows
>everything. Of course additional checks are performed afterwards, like
>checking if the configuration requires a valid TSIG signature, whether
>we are authoritative for the domain, that we are not master for it and
>that the notifications come from a known master or a super-master.
>
>Regards,

But aren't they saying that they have their slaves listed as supermasters but are still being ignored?

I thought I had noticed this happening too. I added mine to allow-notify-from...

-- 
Thanks.
Fabian S.

OpenPGP:

3c3fa072accb7ac5db0f723455502b0eeb9070fc
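
The following is an added example, not part of the original thread and not PowerDNS code: a simplified Python model of the NOTIFY checks as described in the quoted reply, showing that a narrowed allow-notify-from rejects a sender before the per-zone master or supermaster data is consulted. The function names, the dictionary layout, the order of checks 2 to 5 and all sample addresses are assumptions made for illustration.

```python
import ipaddress

def in_acl(ip, entries):
    """True if ip falls inside any address or CIDR in entries."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)

def check_notify(src_ip, zone, cfg, tsig_valid=False):
    """Return (accepted, reason) for an incoming NOTIFY (simplified model)."""
    # 1. Global allow-notify-from gate, applied before per-zone data is used.
    if not in_acl(src_ip, cfg["allow_notify_from"]):
        return False, "not permitted by allow-notify-from"
    z = cfg["zones"].get(zone)
    # 2. We must be authoritative for the zone. (Zones not yet present on
    #    the slave are outside this model.)
    if z is None:
        return False, "not authoritative for zone"
    # 3. If the configuration requires TSIG, the signature must be valid.
    if z.get("tsig_required") and not tsig_valid:
        return False, "valid TSIG signature required"
    # 4. We must not be master for the zone ourselves.
    if z["kind"] == "master":
        return False, "we are master for this zone"
    # 5. The source must be a known master or a supermaster.
    if in_acl(src_ip, z["masters"]) or in_acl(src_ip, cfg["supermasters"]):
        return True, "accepted"
    return False, "not a known master or supermaster"

# Constructed sample data (documentation address ranges, not from the thread).
ZONES = {
    "example.com": {"kind": "slave", "masters": ["192.0.2.10"]},
    "signed.example": {"kind": "slave", "masters": ["192.0.2.10"],
                       "tsig_required": True},
}
DEFAULT = {"allow_notify_from": ["0.0.0.0/0", "::/0"],
           "supermasters": ["192.0.2.53"], "zones": ZONES}
# Same data, but with allow-notify-from narrowed to an unrelated range.
RESTRICTED = dict(DEFAULT, allow_notify_from=["198.51.100.0/24"])

if __name__ == "__main__":
    for cfg_name, cfg in (("default", DEFAULT), ("restricted", RESTRICTED)):
        for src in ("192.0.2.10", "192.0.2.53", "203.0.113.7"):
            print(cfg_name, src, check_notify(src, "example.com", cfg))
```

In this model, a listed master or supermaster is accepted only while allow-notify-from still covers its address.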

