On May 4, 2017 6:15:35 AM EDT, Remi Gacogne <[email protected]> wrote: >On 05/04/2017 12:09 PM, Fabian A. Santiago wrote: >>> 'allow-notify-from' defaults to '0.0.0.0/0,::/0', which allows >>> everything. Of course additional checks are performed afterwards, >>> like checking if the configuration requires a valid TSIG signature, >>> whether we are authoritative for the domain, that we are not master >>> for it and that the notifications comes from a known master or a >>> super-master. >>> >>> Regards, >> >> But aren't they saying that they have their slaves listed as >> supermasters but are still being ignored? > >The 'allow-notify-from' check is performed first, and the other checks >are only performed if the source address of the NOTIFY message is >allowed. So if 'allow-notify-from' doesn't allow your slaves in the >first place, it won't work.
Thanks I get it now. I kind of assumed that and listed them but I had the same question in mind. Thanks again. -- Thanks. Fabian S. OpenPGP: 3c3fa072accb7ac5db0f723455502b0eeb9070fc _______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
