[Pdns-users] Notify from master is not accepted
Roland Giesler
roland at giesler.za.net
Tue Oct 8 16:54:49 UTC 2024
On 2024/10/08 17:49, Otto Moerbeek wrote:
> On Tue, Oct 08, 2024 at 05:25:29PM +0200, Roland Giesler wrote:
>
>> On 2024/10/08 07:43, Otto Moerbeek wrote:
>>>> What should I do to allow the changes onto PowerDNS?
>>> allow-notify-from only works on the network, by default a secondary
>>> zone still only allows notifies from IPs mentioned as primary (i.e.
>>> listed in the list of IPs when doing
>>>
>>> pdnsutil create-secondary-zone zone primary...
>> If have tested now that if I simply recreate the zone from the GUI and I
>> specify both addresses (the LAN and public ip) of the master, then the
>> notify is accepted!
>>
>>> So the question is: is 192.168.131.102 listed as a primary? On the
>>> secondary use:
>>>
>>> pdnsutil show-zone fast.za.net
>> It is now:
>>
>> # pdnsutil show-zone fast.za.net
>> Oct 08 17:11:50 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0
>> removed
>> This zone is owned by gts
>> This is a Slave zone
>> Primaries: 197.214.119.180:53 192.168.131.102:53
>>
>>> The Primaries list will be in the second line.
>>>
>>> If it is not listed you might want to add it, using pdnsutil
>>> change-secondary-zone-primary, or alternatevily use TSIG signed
>>> notifies or list the notify source as a
>>> https://docs.powerdns.com/authoritative/settings.html#trusted-notification-proxy
>> I have listed all my primaries (Mail-in-a-box) servers as trusted proxies,
>> so let's see if that is sufficient.
>>
>> Roland
> Having both addresses listed as primaries might not be needed,
> depending on your setup. And *also* including the addresses in
> trusted-notification-proxy sounds like extra overkill.
Yes, both trusted-notification-proxy and multiple master ip addresses
are indeed overkill. Since I don't have that many domains yet anyway, I
may just recreate them all. Or just go with
trusted-notification-proxy's... I sleep on it and make a call.
Thanks all
Roland
>
> -Otto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20241008/62dca226/attachment.htm>
More information about the Pdns-users
mailing list