[Pdns-users] Notify from master is not accepted

Otto Moerbeek otto at drijf.net
Tue Oct 8 15:49:25 UTC 2024


On Tue, Oct 08, 2024 at 05:25:29PM +0200, Roland Giesler wrote:

> On 2024/10/08 07:43, Otto Moerbeek wrote:
> > > What should I do to allow the changes onto PowerDNS?
> > allow-notify-from only works on the network, by default a secondary
> > zone still only allows notifies from IPs mentioned as primary (i.e.
> > listed in the list of IPs when doing
> > 
> > 	pdnsutil create-secondary-zone zone primary...
> 
> I have tested now that if I simply recreate the zone from the GUI and I
> specify both addresses (the LAN and public IP) of the master, then the
> notify is accepted!
> 
> > So the question is: is 192.168.131.102 listed as a primary? On the
> > secondary use:
> > 
> > 	pdnsutil show-zone fast.za.net
> 
> It is now:
> 
> # pdnsutil show-zone fast.za.net
> Oct 08 17:11:50 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0
> removed
> This zone is owned by gts
> This is a Slave zone
> Primaries: 197.214.119.180:53 192.168.131.102:53
> 
> > The Primaries list will be in the second line.
> > 
> > If it is not listed you might want to add it, using pdnsutil
> > change-secondary-zone-primary, or alternatively use TSIG signed
> > notifies or list the notify source as a
> > https://docs.powerdns.com/authoritative/settings.html#trusted-notification-proxy
> 
> I have listed all my primaries (Mail-in-a-box) servers as trusted proxies,
> so let's see if that is sufficient.
> 
> Roland

Having both addresses listed as primaries might not be needed,
depending on your setup. And *also* including the addresses in
trusted-notification-proxy sounds like extra overkill.

	-Otto
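
An added example, not part of the original thread or of PowerDNS: a small Python helper that parses the `pdnsutil show-zone` output quoted above and reports whether a NOTIFY source address passes the two checks discussed, being inside allow-notify-from and being listed on the Primaries line. It does not model TSIG-signed notifies or trusted-notification-proxy; the function names, the `192.168.131.0/24` ACL value and the bracketed IPv6 form are assumptions.

```python
import ipaddress
import re

# Constructed sample, based on the `pdnsutil show-zone` output quoted in the thread.
SHOW_ZONE_OUTPUT = """\
Oct 08 17:11:50 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0 removed
This zone is owned by gts
This is a Slave zone
Primaries: 197.214.119.180:53 192.168.131.102:53
"""

def parse_primaries(show_zone_text):
    """Return the addresses on the 'Primaries:' line as ipaddress objects."""
    primaries = []
    for line in show_zone_text.splitlines():
        if not line.startswith("Primaries:"):
            continue
        for entry in line.split(":", 1)[1].split():
            # Accept "ip", "ipv4:port" and "[ipv6]:port" (bracket form is an assumption).
            bracketed = re.fullmatch(r"\[(.+)\](?::\d+)?", entry)
            if bracketed:
                host = bracketed.group(1)
            elif entry.count(":") == 1:
                host = entry.rsplit(":", 1)[0]
            else:
                host = entry
            primaries.append(ipaddress.ip_address(host))
    return primaries

def notify_source_check(source, show_zone_text, allow_notify_from):
    """Apply the two checks from the thread to one NOTIFY source address."""
    addr = ipaddress.ip_address(source)
    in_acl = any(addr in ipaddress.ip_network(net, strict=False)
                 for net in allow_notify_from)
    is_primary = addr in parse_primaries(show_zone_text)
    return {"allow_notify_from": in_acl,
            "listed_primary": is_primary,
            "passes_both": in_acl and is_primary}

if __name__ == "__main__":
    # Hypothetical ACL value; use the allow-notify-from setting of your secondary.
    print(notify_source_check("192.168.131.102", SHOW_ZONE_OUTPUT, ["192.168.131.0/24"]))
```

A source that matches the ACL but is missing from the Primaries line shows `listed_primary: False`, which is the situation the thread started from.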

