Hi Andy
On 28/06/2024 16:35, Andy Smith via BitFolk Users wrote:
We are getting REFUSED when we try to do an AXFR. It
is a DNS
response, so it's not firewalling - it is the (lack of)
configuration in the DNS server.
I learned that mail-in-a-box uses NSD for its name server.
After a bit of trial and error I believe I have now configured the zone
correctly under the hood.
The Bitfolk monitoring system reports a recovery and the mail-in-a-box
self-test reports reverse DNS is now set correctly for both versions of IP.
Yay!
My custom zone is configured in its own file under /etc/nsd/nsd.conf.d/,
and the main NSD config file imports everything in that folder, so I'm
hoping this won't get overridden on upgrades.
I am still seeing some errors in my syslog when NSD restarts though.
===== BEGIN LOG EXTRACT =====
notice: nsd starting (NSD 4.3.9)
notice: nsd started (NSD 4.3.9), pid 2602
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: received
notify response error REFUSED from 2001:ba8:1f1:f085::53
error: xfrd: zone
richardskingdom.net: received notify response error
REFUSED from 2001:ba8:1f1:f085::53
... (repeats)
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: max notify
send count reached, 2001:ba8:1f1:f085::53 unreachable
error: xfrd: zone
richardskingdom.net: max notify send count reached,
2001:ba8:1f1:f085::53 unreachable
===== END LOG EXTRACT =====
The same pattern repeats for each secondary name server IP address (both
IPv6 and IPv4)
Any ideas what might be causing these errors?
Cheers
Richard.