[Pdns-users] How to understand cause of rejected notify
mrobti at insiberia.net
Sat Dec 1 21:44:50 UTC 2018
> All supermaster problems I know of can be resolved by checking the
* supermaster support must be enabled
I already asked about this on unanswered inquiry over a week ago. Master
is version 4.1 where I think the setting is not recognized (according to
docs, added in 4.2) thus no- I didn't use it. Would appreciate to have
clarification the use of that setting, how 4.1 works without it and what
it adds to 4.2. Also if you have supermaster=yes then should master=yes
be removed? Documentation does not make it clear
* The supermaster must carry a SOA record for the notified domain
Yes it does
* The supermaster IP must be present in the ‘supermaster’ table
Yes, I said in my last email it exists and can assume this is working
because as I explained the supermaster causes an entry to the
``domains'' table on the slave if I use 4.1 slave. 4.2 slave alone is
refusing the NOTIFY.
* The set of NS records for the domain, as retrieved by the slave from
the supermaster, must include the name that goes with the IP address in
the supermaster table
dig shows me this is true, both @ the master and without @ to local
* If your master sends signed NOTIFY it will mark that TSIG key as the
TSIG key used for retrieval as well
When slave is 4.1 yes it added entry to ``domainmetadata'' table as well
as ``domains''. So appears working good. Just not adding to ``records''
with no error expressed. Only v4.2 just refusing the NOTIFY with no
error to help diagnose.
* If you turn off allow-unsigned-supermaster, then your supermaster(s)
are required to sign their notifications.
Per above I think this is ok
More information about the Pdns-users