[nsd-users] [PARTIALLY SOLVED] zones with TLSA records fail to transfer to opendnssec

Michael Grimm trashcan at odo.in-berlin.de
Sun Apr 26 19:49:56 UTC 2015


Hi —

Michael Grimm <trashcan at odo.in-berlin.de> wrote:

> All failing zones do have TLSA records in contrast to those zones transferring well.

Well, I do have to report that neither opendnssec nor nsd is to "blame" regarding this issue.

No, it was correlated with my attempts to implement NAT66 some weeks ago. NATing http, smtp, and most other protocols do work well, but the domain protocol might have some issues with FBSD's pf firewall and its NAT66 implementation, though. Reverting back to IPv6 to IPv6 communication without NAT66 brought back full xfr-ing of my "problematic" zonefiles.

I really don't understand it, and I do not have the capabilities of understanding the technical background, but anyway, it's working again ;-)

Thanks for listening, and regards,
Michael




