On 19/07/2022 18:55, Peter Fraser via nsd-users wrote:
Hi Peter,
This is a common misunderstanding with most people. They mistakenly
assume that if a process is listening on port X, it will also
initiate outgoing connections from the same port X.
Even though your DNS2 NSD is _listening_ on port 53000, when it makes an
_outgoing_ TCP connection to DNS1 NSD for XFR of "my_domain.net", it
will use a random source port. However, you are _only_ allowing
connections from DNS2's IP and a specific source port in the
"provide-xfr" directive on DNS1's NSD. Just remove the @53000.
Regards,
Anand
DNS1 with NSD.conf relevant settings
IP: 192.168.1.2
Unbound Port: 53
NSD Port: 54000
ip-address: 192.168.1.2
do-ip4: yes
port: 54000
hide-version: yes
pattern:
    name: "dns2"
    notify: 192.168.1.3@53000 NOKEY
    provide-xfr: 192.168.1.3@53000 NOKEY
    outgoing-interface: 192.168.1.2@54000
zone:
    name: "my_domain.net"
    zonefile: my_domain.net.zone
    include-pattern: "dns2"
[snip]
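The point Anand makes above can be observed directly with plain sockets. The following Python demonstration is added here and is not part of the thread or of NSD: one "process" owns a listening socket (standing in for DNS2's NSD on 53000) and then opens an outgoing TCP connection to a peer (standing in for DNS1). The peer records the source port it actually sees, which is a kernel-chosen ephemeral port, not the listening port. Port numbers are picked with bind(0) so the demo runs anywhere.

```python
import socket
import threading


def listening_vs_outgoing_port(host="127.0.0.1"):
    """Return the listening port, the source port of an outgoing connection
    made by the same process, and the source port the peer observed."""
    # Listener: plays DNS2's NSD, which is _listening_ on some port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))  # port 0: kernel picks a free port for the demo
    listener.listen(1)
    listen_port = listener.getsockname()[1]

    # Peer: plays DNS1's NSD, which accepts the XFR connection and would apply
    # a provide-xfr style ip@port match against the _observed_ source port.
    peer = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    peer.bind((host, 0))
    peer.listen(1)
    peer_port = peer.getsockname()[1]

    observed = {}

    def accept_one():
        conn, addr = peer.accept()
        observed["source_port"] = addr[1]  # what an ip@port filter would check
        conn.close()

    acceptor = threading.Thread(target=accept_one)
    acceptor.start()

    # Outgoing connection from the same process that owns the listener.
    # No bind() is done, so the kernel assigns an ephemeral source port.
    outgoing = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    outgoing.connect((host, peer_port))
    source_port = outgoing.getsockname()[1]
    acceptor.join()

    outgoing.close()
    peer.close()
    listener.close()
    return {
        "listen_port": listen_port,
        "source_port": source_port,
        "seen_by_peer": observed["source_port"],
    }


if __name__ == "__main__":
    print(listening_vs_outgoing_port())
```

Because the peer sees the ephemeral port, a provide-xfr entry pinned to ip@53000 would never match the transfer request, which is why dropping the @port makes the ACL match on address alone.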
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users