Have one NSD master and multiple slave servers.

Notify from master to slave w/ AXFR works, however, it doesn't appear that the master server is getting the "ACK" back from the slave that notify has been received.

Is there any info on the return traffic? I assume the master server is sending from unprived src port to dst port 53.

Is the ACK sent back from 53 to the master server?

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://inoc.net/~rblayzor/

W.C.A. Wijngaards
2018-Jan-11 08:27 UTC
[nsd-users] master to slave DNS notify and firewall
Hi Robert,

On 10/01/18 22:55, Robert Blayzor wrote:
> Have one NSD master and multiple slave servers.
>
> Notify from master to slave w/ AXFR works, however, it doesn't appear that the master server is getting the "ACK" back from the slave that notify has been received.
>
> Is there any info on the return traffic? I assume the master server is sending from unprived src port to dst port 53.
>
> Is the ACK sent back from 53 to the master server?

Yes, the notify ACK is sent back from port 53. In code, by the server process that handled the reception of the notify packet. Internally it then gets transferred to the xfrd process that handles the zone transfer itself.

Also note that the zone has to be configured to allow notifies from the master, with allow-notify: <IPaddress> NOKEY. The IPAddress can be a netblock (e.g. IPaddress/24). Otherwise not only are they not answered, they are also dropped and ignored. The timers from the SOA record then cause zone transfers, this could be happening, I guess.

Best regards, Wouter
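
Added example (not part of the original thread and not NSD code): a Python sketch that builds a NOTIFY request per RFC 1996 and checks whether a captured reply is the ACK described above, i.e. sent from port 53 with matching ID, QR set and opcode NOTIFY. The zone name, message ID and sample reply are constructed, and the function names are hypothetical.

```python
import struct

OPCODE_NOTIFY = 4            # RFC 1996
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(zone):
    """Encode a zone name as DNS wire-format labels."""
    out = b""
    for label in filter(None, zone.rstrip(".").split(".")):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, msg_id):
    """NOTIFY request: QR=0, opcode=4, AA=1, one SOA question."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400          # AA bit
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def constructed_ack(request):
    """Constructed sample of a slave's reply: same packet with QR set."""
    reply = bytearray(request)
    reply[2] |= 0x80
    return bytes(reply)

def check_notify_ack(request, response, src_port):
    """Return the reasons a reply is not a valid NOTIFY ACK (empty = OK).

    No reply at all is a different case: per the thread, a slave without a
    matching allow-notify entry drops the NOTIFY silently, so a timeout
    means either that or a firewall blocking the return path.
    """
    if len(response) < 12:
        return ["truncated DNS header"]
    problems = []
    req_id, = struct.unpack("!H", request[:2])
    rsp_id, flags = struct.unpack("!HH", response[:4])
    if src_port != 53:
        problems.append(f"reply source port is {src_port}, expected 53")
    if rsp_id != req_id:
        problems.append("message ID does not match the request")
    if not flags & 0x8000:
        problems.append("QR bit not set (not a response)")
    if (flags >> 11) & 0xF != OPCODE_NOTIFY:
        problems.append("opcode is not NOTIFY")
    if flags & 0xF:
        problems.append(f"rcode {flags & 0xF} (not NOERROR)")
    return problems
```

On the master side, a stateful firewall therefore has to allow UDP replies from slave port 53 back to the unprivileged source port the NOTIFY was sent from.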