On 05/04/2017 12:09 PM, Fabian A. Santiago wrote: >> 'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows >> everything. Of course additional checks are performed afterwards, >> like checking if the configuration requires a valid TSIG signature, >> whether we are authoritative for the domain, that we are not master >> for it and that the notifications comes from a known master or a >> super-master. >> >> Regards, > > But aren't they saying that they have their slaves listed as > supermasters but are still being ignored?
The 'allow-notify-from' check is performed first, and the other checks are only performed if the source address of the NOTIFY message is allowed. So if 'allow-notify-from' doesn't allow your slaves in the first place, it won't work. -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
