On 05/04/2017 12:10 AM, David Jones wrote:
> I have a PowerDNS server setup as a slave and see this in my logs
> constantly:
>
> Received NOTIFY for example.com from 1.2.3.4 but remote is not
> permitted by TSIG or allow-notify-from
>
> I was hoping to not have to maintain a long list of master IPs in the
> allow-notify-from. One would think that the IP being listed in the
> domains.master table would automatically allow NOTIFYs for that
> domain. One would also think that an IP being listed in the
> supermaster.ip table would allow NOTIFYs from that supermaster.
>
> Am I missing something? Will I need to add something to the
> domainmetadata table to allow NOTIFYs?

'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows everything. Of course additional checks are performed afterwards, like checking if the configuration requires a valid TSIG signature, whether we are authoritative for the domain, that we are not master for it and that the notification comes from a known master or a super-master.

Regards,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
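
A small check for the situation in this thread, as an added example that is not part of the original messages and is not PowerDNS code: it reads `allow-notify-from` from a configuration text, falling back to the default quoted in the reply, and reports for each rejected NOTIFY in the log whether that ACL admits the source. The plain `key=value` parsing and the sample configuration and log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Default quoted in the reply above; used when the setting is absent.
DEFAULT_ALLOW = "0.0.0.0/0,::/0"

# Log line format as quoted in the original question.
LOG_RE = re.compile(
    r"Received NOTIFY for (?P<zone>\S+) from (?P<ip>\S+) but remote is not "
    r"permitted by TSIG or allow-notify-from"
)

# Constructed sample inputs (not taken from a real server).
SAMPLE_CONF = """\
# secondary server configuration
allow-notify-from=192.0.2.0/24, 2001:db8::/32
"""
SAMPLE_LOG = """\
Received NOTIFY for example.com from 1.2.3.4 but remote is not permitted by TSIG or allow-notify-from
Received NOTIFY for example.com from 192.0.2.53 but remote is not permitted by TSIG or allow-notify-from
"""

def parse_allow_notify_from(conf_text):
    """Return the networks configured for allow-notify-from.

    Assumption of this sketch: plain `key=value` lines with `#` comments,
    and the last assignment wins. An empty value yields an empty list.
    """
    value = DEFAULT_ALLOW
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, sep, val = line.partition("=")
        if sep and key.strip() == "allow-notify-from":
            value = val.strip()
    return [ipaddress.ip_network(n, strict=False)
            for n in re.split(r"[,\s]+", value) if n]

def rejected_sources(log_text, networks):
    """Map (zone, source IP) of each rejected NOTIFY to True if the ACL admits it."""
    result = {}
    for m in LOG_RE.finditer(log_text):
        ip = ipaddress.ip_address(m.group("ip"))
        result[(m.group("zone"), str(ip))] = any(
            ip.version == n.version and ip in n for n in networks)
    return result

if __name__ == "__main__":
    acl = parse_allow_notify_from(SAMPLE_CONF)
    for (zone, ip), admitted in rejected_sources(SAMPLE_LOG, acl).items():
        print(f"{zone} from {ip}: admitted by allow-notify-from = {admitted}")
```

A `False` result means the configured `allow-notify-from` does not cover that source; `True` means the ACL admits it, so the ACL is not what caused the rejection.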
