On May 4, 2017 3:52:40 AM EDT, Remi Gacogne <[email protected]> wrote:
>On 05/04/2017 12:10 AM, David Jones wrote:
>> I have a PowerDNS server set up as a slave and see this in my logs
>> constantly:
>>
>> Received NOTIFY for example.com from 1.2.3.4 but remote is not
>> permitted by TSIG or allow-notify-from
>>
>> I was hoping to not have to maintain a long list of master IPs in the
>> allow-notify-from. One would think that the IP being listed in the
>> domains.master table would automatically allow NOTIFYs for that
>> domain. One would also think that an IP being listed in the
>> supermaster.ip table would allow NOTIFYs from that supermaster.
>>
>> Am I missing something? Will I need to add something to the
>> domainmetadata table to allow NOTIFYs?
>
>'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows
>everything. Of course additional checks are performed afterwards, like
>checking if the configuration requires a valid TSIG signature, whether
>we are authoritative for the domain, that we are not master for it and
>that the notifications come from a known master or a super-master.
>
>Regards,

But aren't they saying that they have their slaves listed as supermasters but are still being ignored? I thought I had noticed this happening too. I added mine to allow-notify-from...

--
Thanks.
Fabian S.
OpenPGP: 3c3fa072accb7ac5db0f723455502b0eeb9070fc
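An added example, not part of the thread and not PowerDNS code: a small triage script that reads the rejection message quoted above and reports, per source, whether the address is missing from the `allow-notify-from` ranges or is not a listed master at all. The `zone_masters` mapping, the verdict labels and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Message text as quoted in the thread; the sample lines below are constructed.
REJECT = re.compile(r"Received NOTIFY for (?P<zone>\S+) from (?P<src>\S+) "
                    r"but remote is not permitted by TSIG or allow-notify-from")

def parse_ranges(setting):
    """Parse a comma-separated allow-notify-from value into networks."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in setting.split(",") if p.strip()]

def triage(log_lines, allow_notify_from, zone_masters):
    """Return sorted (zone, source, verdict) for each rejected NOTIFY."""
    # zone_masters (zone -> set of master IPs) is an assumed operator export.
    ranges = parse_ranges(allow_notify_from)
    findings = set()
    for line in log_lines:
        m = REJECT.search(line)
        if not m:
            continue  # unrelated log line
        zone = m.group("zone").rstrip(".").lower()
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            findings.add((zone, m.group("src"), "unparseable-source"))
            continue
        in_acl = any(src.version == n.version and src in n for n in ranges)
        known = str(src) in zone_masters.get(zone, set())
        if known and not in_acl:
            verdict = "configured-master-missing-from-acl"
        elif known:
            verdict = "in-acl-check-tsig"  # ACL passes, so TSIG is what remains
        else:
            verdict = "unknown-source"     # not a listed master for this zone
        findings.add((zone, str(src), verdict))
    return sorted(findings)

TAIL = " but remote is not permitted by TSIG or allow-notify-from"
SAMPLE_LOG = [  # constructed, documentation address ranges
    "Received NOTIFY for example.com from 192.0.2.10" + TAIL,
    "Received NOTIFY for example.com from 198.51.100.7" + TAIL,
    "Received NOTIFY for example.org from 2001:db8::53" + TAIL,
    "AXFR started for example.com",
]
SAMPLE_ACL = "203.0.113.0/24, 2001:db8::/32"
SAMPLE_MASTERS = {"example.com": {"192.0.2.10"}, "example.org": {"2001:db8::53"}}
if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_ACL, SAMPLE_MASTERS):
        print(*row)
```

Sources reported as `unknown-source` are the ones worth reviewing before any range is widened, since they are not masters the operator has configured for that zone.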
