On 2024/10/08 17:49, Otto Moerbeek wrote:
On Tue, Oct 08, 2024 at 05:25:29PM +0200, Roland Giesler wrote:
On 2024/10/08 07:43, Otto Moerbeek wrote:
What should I do to allow the changes onto PowerDNS?
allow-notify-from only works on the network, by default a secondary
zone still only allows notifies from IPs mentioned as primary (i.e.
listed in the list of IPs when doing
pdnsutil create-secondary-zone zone primary...)
I have tested now that if I simply recreate the zone from the GUI and I
specify both addresses (the LAN and public ip) of the master, then the
notify is accepted!
So the question is: is 192.168.131.102 listed as a primary? On the
secondary use:
pdnsutil show-zone fast.za.net
It is now:
# pdnsutil show-zone fast.za.net
Oct 08 17:11:50 [bindbackend] Done parsing domains, 0 rejected, 0 new, 0
removed
This zone is owned by gts
This is a Slave zone
Primaries: 197.214.119.180:53 192.168.131.102:53
The Primaries list will be in the second line.
If it is not listed you might want to add it, using pdnsutil
change-secondary-zone-primary, or alternatively use TSIG signed
notifies or list the notify source as a
https://docs.powerdns.com/authoritative/settings.html#trusted-notification-proxy
I have listed all my primaries (Mail-in-a-box) servers as trusted proxies,
so let's see if that is sufficient.
Roland
Having both addresses listed as primaries might not be needed,
depending on your setup. And *also* including the addresses in
trusted-notification-proxy sounds like extra overkill.
Yes, both trusted-notification-proxy and multiple master ip addresses
are indeed overkill. Since I don't have that many domains yet anyway, I
may just recreate them all. Or just go with
trusted-notification-proxy's... I'll sleep on it and make a call.
Thanks all
Roland
-Otto
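
The acceptance rule discussed in this thread, as an added example that is not part of the original messages and is not PowerDNS code: a simplified Python model of the two checks (network-level allow-notify-from, then per-zone primaries or trusted-notification-proxy) applied to the addresses from the thread. The function names, the "before" zone output and the wide-open allow-notify-from value are assumptions made for illustration; TSIG-signed notifies are not modelled.

```python
# Simplified model of the NOTIFY checks described in this thread.
# Not PowerDNS source code; TSIG-signed NOTIFY is deliberately not modelled.
from ipaddress import ip_address, ip_network

# 'Primaries:' line as shown in the thread (after the zone was recreated).
SHOW_ZONE_AFTER = """This zone is owned by gts
This is a Slave zone
Primaries: 197.214.119.180:53 192.168.131.102:53"""
# Constructed for contrast (assumption): only the public address listed.
SHOW_ZONE_BEFORE = """This is a Slave zone
Primaries: 197.214.119.180:53"""


def parse_primaries(show_zone_output):
    """Return the addresses on the 'Primaries:' line of pdnsutil show-zone."""
    for line in show_zone_output.splitlines():
        if line.startswith("Primaries:"):
            # Entries are 'address:port'; drop the port and any [] around IPv6.
            return [e.rsplit(":", 1)[0].strip("[]") for e in line.split()[1:]]
    return []


def notify_decision(source, allow_notify_from, primaries, trusted_proxies=()):
    """Decide whether an unsigned NOTIFY from `source` would be acted on."""
    src = ip_address(source)
    # Check 1: network-level filter (allow-notify-from).
    if not any(src in ip_network(net) for net in allow_notify_from):
        return "refused: source not in allow-notify-from"
    # Check 2: per-zone filter, unless the sender is a trusted proxy.
    if any(src == ip_address(p) for p in trusted_proxies):
        return "accepted: trusted-notification-proxy"
    if any(src == ip_address(p) for p in primaries):
        return "accepted: listed primary"
    return "refused: not a primary for this zone"


if __name__ == "__main__":
    wide_open = ["0.0.0.0/0", "::/0"]
    for label, out in (("before", SHOW_ZONE_BEFORE), ("after", SHOW_ZONE_AFTER)):
        print(label, notify_decision("192.168.131.102", wide_open,
                                     parse_primaries(out)))
```

Either the per-zone primaries list or trusted-notification-proxy is enough to pass the second check, which is why listing the address in both is redundant.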