Displaying 2 results from an estimated 2 matches for "nsdtest".
Did you mean:
nfstest
2024 Jul 03
1
NSD incorrectly logging DNAME as refused?
...dns for one sub-zone that is being moved,
I noticed that legitimate requests for hosts under that subdomain are working
as expected, howerver they are being logged as refused.
As a quick replicable test, I just did this to demostrate the issue.
Firatlt, add edthis to my dyslexicfish.net domain:
nsdtest IN DNAME hello.example.com.
Then, update serial, reload, watch it propagate to secondaries etc., then
from a machine with no specific acls (i.e. not from one of the primaries
or secondaries:
| # dig sjsjqju2qu.nsdtest.dyslexicfish.net.
|
| ; <<>> DiG 9.18.27 <<>> sjsjq...
2024 Jul 03
3
NSD incorrectly logging DNAME as refused?
...9;t match the querier.
>
> For example with the following config in nsd.conf:
>
> zone:
> ?? ?name: "."
> ??? allow-query: 0::/128 NOKEY
>
> zone:
> ?? ?name: "example"
> ?? ?zonefile: "example"
>
> and an example zone that contains `nsdtest.example. CNAME
> hello.example.com.`, then indeed a query for `nsdtest.example.` gives
> the correct CNAME answer, but a "info: query nsdtest.example. from
> 127.0.0.1 refused, no acl matches" message is logged. NSD logs the
> error trying to add more records while followi...