Hi MRob, Could you please try a ‘dig AXFR domain.com’ from your slave?
Could you also provide us a full packet capture (pcap if possible)? I am starting to suspect a firewall issue… Frank > On 1 Dec 2018, at 22:44, MRob <mro...@insiberia.net> wrote: > >> All supermaster problems I know of can be resolved by checking the >> checklist: >> https://doc.powerdns.com/authoritative/modes-of-operation.html?highlight=supermaster#supermaster-automatic-provisioning-of-slaves > > * supermaster support must be enabled > I already asked about this on unanswered inquiry over a week ago. Master is > version 4.1 where I think the setting is not recognized (according to docs, > added in 4.2) thus no- I didn't use it. Would appreciate to have > clarification the use of that setting, how 4.1 works without it and what it > adds to 4.2. Also if you have supermaster=yes then should master=yes be > removed? Documentation does not make it clear > > * The supermaster must carry a SOA record for the notified domain > Yes it does > > * The supermaster IP must be present in the ‘supermaster’ table > Yes, I said in my last email it exists and can assume this is working because > as I explained the supermaster causes an entry to the ``domains'' table on > the slave if I use 4.1 slave. 4.2 slave alone is refusing the NOTIFY. > > * The set of NS records for the domain, as retrieved by the slave from the > supermaster, must include the name that goes with the IP address in the > supermaster table > dig shows me this is true, both @ the master and without @ to local resolver > > * If your master sends signed NOTIFY it will mark that TSIG key as the TSIG > key used for retrieval as well > When slave is 4.1 yes it added entry to ``domainmetadata'' table as well as > ``domains''. So appears working good. Just not adding to ``records'' with no > error expressed. Only v4.2 just refusing the NOTIFY with no error to help > diagnose. > > * If you turn off allow-unsigned-supermaster, then your supermaster(s) are > required to sign their notifications. > Per above I think this is ok > > _______________________________________________ > Pdns-users mailing list > Pdns-users@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users