Hi,
On Sat, Jun 29, 2024 at 10:13:45PM +0100, Richard King via BitFolk Users wrote:
> After a bit of trial and error I believe I have now configured the zone
> correctly under the hood.
> The Bitfolk monitoring system reports a recovery and the mail-in-a-box
> self-test reports reverse DNS is now set correctly for both versions of IP.
Yes it all seems good now. 👍
> I am still seeing some errors in my syslog when NSD restarts though.
In short these can be ignored for now.
> error: xfrd: zone
> 7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa: received notify
> response error REFUSED from 2001:ba8:1f1:f085::53
Explanation:
When you make a change to your zone, your NSD sends out NOTIFY
messages to tell secondary servers that they should check for that
update. I expect that by default it sends NOTIFY messages to every
IP address of every server listed in the NS set of your zone.
Due to a limitation on our side at the moment you can only have one
primary NS server IP address set for a secondary DNS zone, so we use
the main IPv4 address of your VM¹. We only accept NOTIFY messages
from that IP.
Therefore when your VM sends out NOTIFY messages on IPv4, that works
and we do an AXFR. That has happened and that's why things work now.
But when it sends them out on IPv6 we reject them because they're
not from addresses that we expect.
It is not terrible to just accept NOTIFY messages; all they do is
cause us to check the configured primary server for updates (yours).
So maybe we could loosen things up a bit and do that.
Or you could configure your NSD to *only* send NOTIFY to us at
85.119.80.222.
Or just do nothing as it isn't a big problem.
Thanks,
Andy
¹ People who really want to be IPv6-only can at the moment have this
set to an IPv6 address instead, but then transfers and notifies
don't work over IPv4.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
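
Added example, not part of the original message: a small log triage that separates the REFUSED responses explained above (from addresses other than 85.119.80.222) from errors on the path that transfers depend on. The function name, the sample syslog lines and the policy of flagging everything else are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# From the message: the only address NOTIFY/AXFR is set up to work with.
EXPECTED = ipaddress.ip_address("85.119.80.222")
ZONE = "7.3.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa"

# Matches the xfrd line format quoted in the message.
NOTIFY_ERR = re.compile(
    r"xfrd: zone (?P<zone>\S+): received notify response error "
    r"(?P<rcode>[A-Z]+) from (?P<addr>[0-9A-Fa-f:.]+)"
)

def triage(lines, expected=EXPECTED):
    """Return (ignorable, actionable) Counters keyed by (zone, rcode, addr).

    Ignorable: REFUSED from any address other than `expected`, i.e. the
    case the message explains. Everything else is flagged (this example's
    policy): an error from `expected` means the working path is failing.
    """
    ignorable, actionable = Counter(), Counter()
    for line in lines:
        m = NOTIFY_ERR.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m["addr"])
        except ValueError:
            continue  # not a parseable address; skip the line
        key = (m["zone"].rstrip("."), m["rcode"], str(addr))
        benign = m["rcode"] == "REFUSED" and addr != expected
        (ignorable if benign else actionable)[key] += 1
    return ignorable, actionable

# Constructed sample lines (syslog prefix, times and PID are made up).
_P = "Jun 29 22:01:10 box nsd[811]: error: xfrd: zone " + ZONE
SAMPLE = [
    _P + ": received notify response error REFUSED from 2001:ba8:1f1:f085::53",
    _P + ": received notify response error REFUSED from 2001:ba8:1f1:f085::53",
    _P + ": received notify response error REFUSED from 85.119.80.222",
    "Jun 29 22:01:11 box sshd[900]: Accepted publickey for admin",
]

if __name__ == "__main__":
    ign, act = triage(SAMPLE)
    print("ignorable:", dict(ign))
    print("actionable:", dict(act))
```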