I would like to follow up on my previous message on the mailing list by saying that I have finally focused my issue to the tsig/key ... The authoritative nsd1 (master) & nsd2 (slave) after the NOKEY change work without an issue and I'm able to get zone records; having said that, I would like to have the keys set up / DNSSEC.

When setting up keys, setting up allow-query, and setting up patterns on each zone, the previous unbound log still occurs (refuse) BUT now I can see new logs in NSD not previously available (SLAVE ns2 works with keys and without keys, meaning it gets the serial from each of the zones in master / no error in nsd log)...

The new log entries after TSIG changes in nsd.log (Master):

[2022-12-10 19:17:57.370] nsd[6338]: info: query example.com. from DNS1 (unbound1_Global) refused, no acl matches .
[2022-12-10 19:17:57.778] nsd[6338]: info: query example.com. from DNS1 (unbound1_Local_Alias) refused, no acl matches .
[2022-12-10 19:17:57.370] nsd[6338]: info: query example.com. from DNS2 (unbound1_Global) refused, no acl matches .
[2022-12-10 19:17:57.778] nsd[6338]: info: query example.com. from DNS2 (unbound1_Local_Alias) refused, no acl matches .

This occurs every time I use drill/dig to get information on the NSD zones I set up with the key.

I have looked into the issue but I have not been able to find exactly what the log means by "no acl matches" or how to remedy it, because I was under the impression that with the allow-query option in the pattern section and adding it to the zones it would serve as an access control list for NSD (maybe there is something else I must add as an acl). Any assistance on properly configuring this final step would be appreciated; I am kind of stuck at the moment.

-
Josh
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users