Fantastic. Appreciate the response. Works perfectly now. Thank you very much.

________________________________
From: Anand Buddhdev <ana...@ripe.net>
Sent: Wednesday, July 20, 2022 9:32 AM
To: Peter Fraser <p_fra...@hotmail.com>; nsd-users@lists.nlnetlabs.nl <nsd-users@lists.nlnetlabs.nl>
Subject: Re: [nsd-users] Replication Failing
On 19/07/2022 18:55, Peter Fraser via nsd-users wrote:

Hi Peter,

This is a common misunderstanding with most people. They mistakenly assume that if a process is listening on port X, it will also initiate outgoing connections from the same port X. Even though your DNS2 NSD is _listening_ on port 53000, when it makes an _outgoing_ TCP connection to DNS1 NSD for XFR of "my_domain.net", it will use a random source port. However, you are _only_ allowing connections from DNS2's IP and a specific source port in the "provide-xfr" directive on DNS1's NSD. Just remove the @53000.

Regards,
Anand

> DNS1 with NSD.conf relevant settings
> IP: 192.168.1.2
> Unbound Port: 53
> NSD Port: 54000
>
> ip-address: 192.168.1.2
> do-ip4: yes
> port: 54000
> hide-version: yes
>
> pattern:
>         name: "dns2"
>         notify: 192.168.1.3@53000 NOKEY
>         provide-xfr: 192.168.1.3@53000 NOKEY
>         outgoing-interface: 192.168.1.2@54000
>
> zone:
>         name: "my_domain.net"
>         zonefile: my_domain.net.zone
>         include-pattern: "dns2"
[snip]
_______________________________________________ nsd-users mailing list nsd-users@lists.nlnetlabs.nl https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
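The point Anand makes above, as an added example that is not part of the thread and not NSD's own code: the `XfrAcl` class below is a hypothetical, simplified stand-in for how an "ip" or "ip@port" entry in `provide-xfr` is matched against the TCP source of an incoming XFR request (the NOKEY/key part is ignored), and `outgoing_source_port()` opens a loopback listener and connects to it from a second socket to show that the connecting side gets a kernel-chosen ephemeral port, not the port it is listening on. The source port 41234 used for the demonstration is a constructed value standing in for whatever DNS2's kernel picks.

```python
from __future__ import annotations

import socket
from typing import Optional, Tuple

# Added example (not NSD's code): a simplified model of a provide-xfr ACL
# entry of the form "ip" or "ip@port", plus a socket demonstration of why
# the "@port" form refuses zone transfers from a normal secondary.


class XfrAcl:
    """Hypothetical stand-in for one 'provide-xfr: <ip>[@<port>] ...' entry.

    Only the address/port match is modelled; the key name is irrelevant to
    the port question and is left out.
    """

    def __init__(self, spec: str) -> None:
        ip, sep, port = spec.partition("@")
        self.ip = ip
        self.port: Optional[int] = int(port) if sep else None  # None: any source port

    def allows(self, src_ip: str, src_port: int) -> bool:
        if src_ip != self.ip:
            return False
        return self.port is None or self.port == src_port


def evaluate_request(acl_spec: str, src_ip: str, src_port: int) -> str:
    """Return 'allow' or 'refuse' for an AXFR/IXFR request from (src_ip, src_port)."""
    return "allow" if XfrAcl(acl_spec).allows(src_ip, src_port) else "refuse"


def outgoing_source_port(bind_port: Optional[int] = None) -> Tuple[int, int]:
    """Listen on a kernel-chosen loopback port, connect to it from a second
    socket, and return (listen_port, source_port_of_outgoing_connection).

    With bind_port=None the client socket is auto-bound, so the kernel picks an
    ephemeral source port; this is the normal case and is why it differs from
    the listening port. Passing an explicit bind_port pins the source port,
    which is the only situation in which a fixed "@port" ACL could match.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listen_port = listener.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    if bind_port is not None:
        client.bind(("127.0.0.1", bind_port))
    client.connect(("127.0.0.1", listen_port))
    src_port = client.getsockname()[1]

    conn, _ = listener.accept()
    conn.close()
    client.close()
    listener.close()
    return listen_port, src_port


if __name__ == "__main__":
    # DNS1's ACL as posted in the thread, versus the fixed one without @53000.
    # 41234 is a constructed ephemeral port standing in for what DNS2's kernel picks.
    for acl in ("192.168.1.3@53000", "192.168.1.3"):
        print(f"provide-xfr: {acl:<20} request from 192.168.1.3:41234 -> "
              f"{evaluate_request(acl, '192.168.1.3', 41234)}")
    lp, sp = outgoing_source_port()
    print(f"listener on port {lp}; outgoing connection used source port {sp}")
```

Run it with any Python 3 on a host with a loopback interface. Note that once the `@53000` is dropped, the `NOKEY` entry authorises transfers purely by source address; for anything beyond a lab, put a TSIG key on the `provide-xfr`/`notify` entries so that a host that can spoof or take over 192.168.1.3 cannot pull the zone.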