From: Paul de Weerd <we...@weirdnet.nl>
To: openbsd <misc@openbsd.org>
Date: Sat, 5 Aug 2023 19:31:06 +0200
Subject: Re: nsd listening on localhost is zone transfer possible transfer ?

On Fri, Aug 04, 2023 at 06:23:48PM +0100, Shadrock Uhuru wrote:
| Hi everyone,
| I have unbound set up on port 53
| and nsd listening on localhost port 53530.
| I have set up another DNS server as a secondary.
| Am I correct to assume that I can't zone transfer because,
| as the nsd's are listening on localhost,
| the primary can't reach the secondary?
|
| I have these errors on the primary:
| error: xfrd: zone 1.10.10.in-addr.arpa: max notify send count reached, 10.10.1.5 unreachable
| error: xfrd: zone forwardzone: max notify send count reached, 10.10.1.5 unreachable

Your question isn't quite clear .. where is this other dns server
located?  Is it on the same network?

Yes, in the same network.

If you have NSD only listening on localhost, I'm not sure by which
logic you concluded that a secondary nameserver would be able to talk
to it at all, let alone do zone transfers?

This was my thought, but I was just checking.

At any rate, IP addresses in the 10/8 range are free - you can use
more than one without incurring a cost.  Then configure your NSD to
listen to the additional address and transfer from there.  If you have
IPv6, this will probably even apply to globally routable addresses.

Thanks for the suggestion.

Paul 'WEiRD' de Weerd

--
++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                http://www.weirdnet.nl/
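As an added illustration of the suggestion above (not part of the original thread, and not configuration from either poster), this is what an nsd.conf on the primary could look like once NSD is given a second address to listen on. The primary's extra address 10.10.1.4 and the TSIG secret are constructed placeholders; the secondary 10.10.1.5, the port 53530 and the zone names come from the thread. On OpenBSD the extra address itself would be added as an `inet alias` line in the interface's hostname.if file.

```conf
# Added example, not from the thread. Primary NSD on OpenBSD:
# unbound keeps port 53, NSD answers on localhost and on a second
# host address (10.10.1.4, constructed) so the secondary can reach it.
server:
    ip-address: 127.0.0.1
    ip-address: 10.10.1.4        # constructed alias address in 10/8
    port: 53530
    hide-version: yes

# TSIG key shared with the secondary; secret is a placeholder, generate a
# real one (e.g. from /dev/random, base64-encoded) and keep it out of
# world-readable files.
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "REPLACE_WITH_BASE64_SECRET="

zone:
    name: "forwardzone"
    zonefile: "forwardzone.zone"
    # Only the secondary may pull the zone, and only with the key:
    # never 0.0.0.0/0 NOKEY, which would expose the whole zone to anyone.
    provide-xfr: 10.10.1.5 xfr-key
    # NOTIFY goes to the secondary's NSD port (ip@port notation).
    notify: 10.10.1.5@53530 xfr-key

zone:
    name: "1.10.10.in-addr.arpa"
    zonefile: "1.10.10.in-addr.arpa.zone"
    provide-xfr: 10.10.1.5 xfr-key
    notify: 10.10.1.5@53530 xfr-key
```

The secondary's matching zone stanzas use `allow-notify: 10.10.1.4 xfr-key` and `request-xfr: 10.10.1.4@53530 xfr-key` with the same key block. After editing, `nsd-checkconf /var/nsd/etc/nsd.conf` (path as installed by the OpenBSD package) catches syntax errors before a restart, and once NSD is reloaded the "max notify send count reached" errors should stop; a `dig @10.10.1.4 -p 53530 forwardzone AXFR` from a host other than the secondary should then be refused, which confirms the transfer ACL is doing its job.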
