[nsd-users] acl match failure on solaris 9

Vicky Shrestha vicky at geeks.net.np
Sun Apr 13 19:01:04 UTC 2008


update:

The following combination is working for me
# tell nsdc update proper acl is in place
allow-notify: 127.0.0.1 NOKEY
# For matching actual ACL
allow-notify: ::ffff:127.0.0.1 NOKEY
# master server
allow-notify: ::ffff:192.168.0.1 NOKEY

Regards,


Vicky Shrestha



On Apr 14, 2008, at 00:28 AM, Vicky Shrestha wrote:
> Thanks Wouter,
>
> Indeed after prefixing with ::ffff: to the acl, notify is being accepted.
>
> However if I prefix it on 127.0.0.1 it will fail during nsdc update with:
>
> nsdc: Could not send notify for slave zone .: not configured (with allow-notify: 127.0.0.1 or ::1)
>
> If I have an acl with allow-notify: ::1 (the Solaris host doesn't have an IPv6 interface):
> [1208111418] nsd-notify[13692]: warning: timeout (1 s) expired, retry notify to ::1.
>
> The following combination is working for me
> allow-notify: 127.0.0.1 NOKEY
> allow-notify: ::ffff:192.168.0.1 NOKEY
>
> Regards,
>
>
> Vicky Shrestha
>
>
>
> On Apr 12, 2008, at 15:19 PM, W.C.A. Wijngaards wrote:
>> Hi Vicky,
>>
>> I think Solaris 9 (being a little old) forces ip4toip6 mapping. Can you
>> try to enable ::ffff:127.0.0.1 style (4to6 mapped) addresses in your config?
>>
>> On other OSes NSD tries to disable the 4to6 mapping to avoid this.
>>
>> Best regards,
>> ~   Wouter
>>
>> Vicky Shrestha wrote:
>> | Hi,
>> |
>> | On a Solaris 9 host, the acl checking system is failing although proper
>> | acls are in place.
>> |
>> | Setting ip4-only: yes seems to resolve the issue.
>> |
>> | [1207959794] nsd[9559]: info: got notify for zone: pch.net.; Refused by acl: no acl matches .
>> | [1207959795] nsd[9559]: info: got notify for zone: pch.net.; Refused by acl: no acl matches .
>> |
>> | Regards,
>> |
>> |
>> | Vicky Shrestha
>> |
>> |
>> |


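The mismatch discussed in this thread, as an added example (not NSD's code and not part of the original messages): an ACL check that compares address family and bytes as given rejects a peer reported as ::ffff:192.168.0.1 against an entry written as 192.168.0.1, while folding IPv4-mapped addresses to plain IPv4 on both sides makes either spelling match. The names `parse_addr`, `acl_allows` and `sample_acl` are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>

/* Constructed sample ACL (illustrative; addresses as used in the thread). */
const char *const sample_acl[] = { "127.0.0.1", "192.168.0.1" };

struct addr { int family; unsigned char b[16]; };

/* Parse a textual IPv4/IPv6 address into family + raw bytes. With
 * unmap != 0, an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is folded to
 * plain IPv4. Returns 0 on success, -1 if the text is not an address. */
static int parse_addr(const char *text, int unmap, struct addr *out)
{
    struct in_addr a4;
    struct in6_addr a6;
    memset(out, 0, sizeof(*out));
    if (inet_pton(AF_INET, text, &a4) == 1) {
        out->family = AF_INET;
        memcpy(out->b, &a4, 4);
        return 0;
    }
    if (inet_pton(AF_INET6, text, &a6) != 1)
        return -1;
    if (unmap && IN6_IS_ADDR_V4MAPPED(&a6)) {
        out->family = AF_INET;
        memcpy(out->b, a6.s6_addr + 12, 4);  /* last 4 bytes hold the IPv4 address */
    } else {
        out->family = AF_INET6;
        memcpy(out->b, a6.s6_addr, 16);
    }
    return 0;
}

/* Return 1 if peer equals any ACL entry, else 0 (default deny; entries or
 * peers that do not parse never match). unmap selects the folding above. */
int acl_allows(const char *const *acl, size_t n, const char *peer, int unmap)
{
    struct addr p, e;
    if (parse_addr(peer, unmap, &p) != 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (parse_addr(acl[i], unmap, &e) != 0)
            continue;
        if (e.family == p.family && memcmp(e.b, p.b, sizeof(e.b)) == 0)
            return 1;
    }
    return 0;
}
```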
