On Mon, Oct 07, 2024 at 06:30:56PM +0200, Roland Giesler via Pdns-users wrote:
> I'm running my primary DNS on Power Mail-in-a-Box, which runs BIND9's NAMED
> and sends notifications when a domain's zone file changes.
>
> I have set PowerDNS's config to accept these from the LAN and Public ip of
> the master, but I see this error in syslog. (The DNS is a NAT'ted server)
>
> Oct 7 17:13:43 PowerDNS pdns_server[125]: Received NOTIFY for fast.za.net
> from 192.168.131.102 which is not a master (Refused)
> Oct 7 17:13:43 PowerDNS pdns_server[125]: message repeated 9 times: [
> Received NOTIFY for fast.za.net from 192.168.131.102 which is not a master
> (Refused)]
>
> My config file has:
>
> allow-axfr-ips=197.214.119.180/32,192.168.131.0/24,127.0.0.0/8,::1,169.255.79.10/24
> allow-notify-from=197.214.119.180/32,192.168.131.0/24,::/0
>
> What should I do to allow the changes onto PowerDNS?

allow-notify-from only works on the network; by default a secondary zone still
only allows notifies from IPs mentioned as primary (i.e. listed in the list of
IPs when doing pdnsutil create-secondary-zone zone primary...).

So the question is: is 192.168.131.102 listed as a primary?

On the secondary use:

pdnsutil show-zone fast.za.net

The Primaries list will be in the second line.

If it is not listed you might want to add it, using pdnsutil
change-secondary-zone-primary, or alternatively use TSIG signed notifies or
list the notify source as a
https://docs.powerdns.com/authoritative/settings.html#trusted-notification-proxy

	-Otto
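
Added example (not part of the original message and not PowerDNS code): a simplified Python model of the two checks the reply describes, showing why a source that matches allow-notify-from is still refused when it is not among the zone's primaries. The function names, the zone's primaries value and treating trusted-notification-proxy as a list are assumptions; TSIG-signed notifies are not modelled.

```python
import ipaddress

# From the quoted config on this page.
ALLOW_NOTIFY_FROM = ["197.214.119.180/32", "192.168.131.0/24", "::/0"]
# Constructed assumption: the zone was created with only the public IP as primary.
ZONE_PRIMARIES = ["197.214.119.180"]


def _in_any(addr, nets):
    """True if addr falls inside any of the given networks or single addresses."""
    ip = ipaddress.ip_address(addr)
    # strict=False tolerates entries with host bits set; a v4/v6 mismatch is False.
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def notify_decision(source, allow_notify_from, zone_primaries, trusted_proxies=()):
    """Return (accepted, reason) for an unsigned NOTIFY arriving from `source`.

    Hypothetical helper modelling the order of checks described in the reply:
    first the server-wide network ACL, then the per-zone identity check.
    """
    # Check 1: server-wide ACL (allow-notify-from).
    if not _in_any(source, allow_notify_from):
        return False, "source not in allow-notify-from"
    # Alternative named in the reply: a trusted notification proxy.
    if _in_any(source, trusted_proxies):
        return True, "source is a trusted-notification-proxy"
    # Check 2: the source must be one of the primaries recorded for the zone.
    if _in_any(source, zone_primaries):
        return True, "source is a listed primary"
    return False, "source is not a primary for this zone"


if __name__ == "__main__":
    cases = [
        ("192.168.131.102", ZONE_PRIMARIES),                        # the logged refusal
        ("192.168.131.102", ZONE_PRIMARIES + ["192.168.131.102"]),  # after adding it
        ("2001:db8::1", ZONE_PRIMARIES),                            # passes ::/0 only
    ]
    for src, primaries in cases:
        print(src, primaries, notify_decision(src, ALLOW_NOTIFY_FROM, primaries))
```

The third case shows that the wide `::/0` entry in allow-notify-from does not by itself let an arbitrary IPv6 host trigger a zone refresh, because the per-zone primaries check still applies.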