Hello there,

Apologies for my last message. I'm having some errors with my config: my ns1 and ns2 are not transferring between each other. I'm receiving "received notify response error REFUSED" when I attempt zone transfers (using nsd-control notify and nsd-control force_update, respectively).

My setup: I'm using OpenBSD 6.7. Unbound is resolving on port 53; if an authoritative request is received, Unbound passes it to nsd on localhost over port 5335. This setup works well, except for the problem with ns1 and ns2. I saw another thread that recommended using the outgoing-interface: attribute; I tried using it without success, specifying specific ports and using defaults, on ipv4 and ipv6. I have also tried with my key and NOKEY; the same errors are logged. I can provide my unbound.conf, forward & reverse zone files if needed.

#ns1 nsd.conf
server:
    port: 5335
    ip-address: 10.x.y.211
    ip-address: fd00:abc::d3
    ip-address: 127.0.0.1
    ip-address: ::1
    server-count: 1
    do-ip4: yes
    do-ip6: yes
    hide-version: yes
    identity: "ns1.whatever.xyz"
    zonesdir: "/var/nsd/etc"
    logfile: nsd.log
    verbosity: 2

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8952
    server-key-file: nsd_server.key
    server-cert-file: nsd_server.pem
    control-key-file: nsd_control.key
    control-cert-file: nsd_control.pem

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "redacted"

zone:
    name: "whatever.xyz"
    zonefile: whatever.xyz.forward"
    notify: 10.x.y.212 sec_key
    provide-xfr: 10.x.y.212 sec_key
    notify: fd00:abc::d4 sec_key
    provide-xfr: fd00:abc::d4 sec_key

zone:
    name: "x.10.in-addr.arpa"
    zonefile: "whatever.xyz.reverse"
    notify: 10.x.y.212 sec_key
    provide-xfr: 10.x.y.212 sec_key
    notify: fd00:abc::d4 sec_key
    provide-xfr: fd00:abc::d4 sec_key

#ns2 nsd.conf
server:
    port: 5335
    ip-address: 10.x.y.212
    ip-address: fd00:abc::d4
    ip-address: 127.0.0.1
    ip-address: ::1
    server-count: 1
    do-ip4: yes
    do-ip6: yes
    hide-version: yes
    identity: "ns2.whatever.xyz"
    zonesdir: "/var/nsd/etc"
    logfile: nsd.log
    verbosity: 2

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8952
    server-key-file: nsd_server.key
    server-cert-file: nsd_server.pem
    control-key-file: nsd_control.key
    control-cert-file: nsd_control.pem

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "redacted"

zone:
    name: "whatever.xyz"
    zonefile: whatever.xyz.forward"
    allow-notify: 10.x.y.211 sec_key
    provide--xfr: 10.x.y.211 sec_key
    allow-notify: fd00:abc::d3 sec_key
    provide-xfr: fd00:abc::d3 sec_key

zone:
    name: "x.10.in-addr.arpa"
    zonefile: "whatever.xyz.reverse"
    allow-notify: 10.x.y.211 sec_key
    request-xfr: 10.x.y.211 sec_key
    allow-notify: fd00:abc::d3 sec_key
    request-xfr: fd00:abc::d3 sec_key

_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users