[Re: 3.0.1 secondary issues.]

Wouter Wijngaards wouter at NLnetLabs.nl
Tue Sep 19 13:11:47 UTC 2006


And one for the mailing list, there is IP4, IP6 and ip4mappedtoip6.
Some networkd stacks like to ip4map your packets.

Best regards,
   Wouter
----- Forwarded message from Wouter Wijngaards <wouter at NLnetLabs.nl> -----
On Tue, Sep 19, 2006 at 09:43:09AM +0200, M??ns Nilsson wrote:
> Hi, 
> 
> I'm having a number of problems with my NSD 3. I am trying to serve SE, as
> a AXFR client, with the following config file: (some obfuscation
> performed.. )
> 
>         # for nsdc
>         allow-notify: ::1 NOKEY
>         allow-notify: 127.0.0.1 NOKEY
> 
> The symptoms are that even when I'm manually triggering updates (nsdc
> update) there is no zone update performed. The masters are said to be
> sending notifies. 
> 
> The only way I can get new zones in is by stopping NSD, and removing old
> data files. 
> 
> Am I doing anytrhing blatantly wrong? 

Nothing in particular but it could be that the OS puts your ip4 addresses
as ip4mapped ip6 addresses. And that you need to allow :ffff::127.0.0.1
access to notify. I have seen this happen on a Solaris IP stack, even if
you send to 127.0.0.1.

This may also apply to the notifies sent by the master.
You could start nsd with -L 2 (only in --enable-checking configured) to
see something happen in the log file. If a valid notify arrives it will be 
logged.
If the notify is not allowed, you can see which acls it is testing it against.

Best regards,
   Wouter

----- End forwarded message -----



More information about the nsd-users mailing list