On 28/06/2024 16:35, Andy Smith via BitFolk Users wrote:
> We are getting REFUSED when we try to do an AXFR. It is a DNS
> response, so it's not firewalling - it is the (lack of)
> configuration in the DNS server.
I learned that mail-in-a-box uses NSD for its name server.
After a bit of trial and error I believe I have now configured the
zone correctly under the hood.
The BitFolk monitoring system reports a recovery and the
mail-in-a-box self-test reports reverse DNS is now set correctly for
both versions of IP.
Yay!
My custom zone is configured in its own file under
/etc/nsd/nsd.conf.d/, and the main NSD config file imports
everything in that folder, so I'm hoping this won't get overridden
on upgrades.
I am still seeing some errors in my syslog when NSD restarts though.
===== BEGIN LOG EXTRACT =====
notice: nsd starting (NSD 4.3.9)
notice: nsd started (NSD 4.3.9), pid 2602
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: received notify response error REFUSED from 2001:ba8:1f1:f085::53
error: xfrd: zone richardskingdom.net: received notify response error REFUSED from 2001:ba8:1f1:f085::53
... (repeats)
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: max notify send count reached, 2001:ba8:1f1:f085::53 unreachable
error: xfrd: zone richardskingdom.net: max notify send count reached, 2001:ba8:1f1:f085::53 unreachable
===== END LOG EXTRACT =====
The same pattern repeats for each secondary name server IP address
(both IPv6 and IPv4).
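
An added example, not part of the original post: a small Python summarizer for NSD `xfrd` NOTIFY errors like those in the log extract above. It groups them by zone and secondary, and separates "the peer answered with an error code" from "the peer never answered", since NSD logs `unreachable` in both cases. The function names and the sample lines (built from the extract with wrapped lines joined) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the log extract from the post, wrapped lines joined.
SAMPLE = """\
notice: nsd starting (NSD 4.3.9)
notice: nsd started (NSD 4.3.9), pid 2602
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: received notify response error REFUSED from 2001:ba8:1f1:f085::53
error: xfrd: zone richardskingdom.net: received notify response error REFUSED from 2001:ba8:1f1:f085::53
error: xfrd: zone richardskingdom.net: received notify response error REFUSED from 2001:ba8:1f1:f085::53
error: xfrd: zone 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: max notify send count reached, 2001:ba8:1f1:f085::53 unreachable
error: xfrd: zone richardskingdom.net: max notify send count reached, 2001:ba8:1f1:f085::53 unreachable
"""

# search() is used so a leading syslog timestamp/host prefix is tolerated.
RCODE_RE = re.compile(r"xfrd: zone (\S+): received notify response error (\w+) from (\S+)")
GIVEUP_RE = re.compile(r"xfrd: zone (\S+): max notify send count reached, (\S+) unreachable")

def summarize(lines):
    """Group xfrd NOTIFY failures by (zone, peer address)."""
    stats = defaultdict(lambda: {"rcodes": Counter(), "gave_up": False})
    for line in lines:
        if m := RCODE_RE.search(line):
            zone, rcode, peer = m.groups()
            stats[(zone, peer)]["rcodes"][rcode] += 1
        elif m := GIVEUP_RE.search(line):
            zone, peer = m.groups()
            stats[(zone, peer)]["gave_up"] = True
    return dict(stats)

def diagnose(entry):
    """Classify one (zone, peer) entry returned by summarize()."""
    if entry["rcodes"]:
        # A DNS response came back, so the peer is reachable and is
        # rejecting the NOTIFY: look at DNS server configuration.
        return "peer-rejected"
    # Retries exhausted with no logged response: look at routing/firewalling.
    return "no-response"

if __name__ == "__main__":
    for (zone, peer), entry in summarize(SAMPLE.splitlines()).items():
        print(zone, peer, dict(entry["rcodes"]), diagnose(entry))
```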