Hi Michael, Can you provide full (unedited) config files please?
A lot of info is missing to be able to help you fix this problem. Please see https://blog.powerdns.com/2016/01/18/open-source-support-out-in-the-open/ for more information.

Frank

> On 13 Nov 2021, at 20:00, Fox, Michael E. via Pdns-users <pdns-users@mailman.powerdns.com> wrote:
>
> Howdy,
>
> I’m new to PowerDNS. I’m using the authoritative server with the BIND backend for some testing. (Don’t need power or complexity of a DB backend).
>
> Fake IPs:
> 11.11.11.11 master
> 22.22.22.22 slave
>
> I’ve got a master and slave configured with three zones and doing zone transfers. Initially, I didn’t have TSIGs and have the following configured in pdns.conf on the master:
>
> allow-axfr-ips=127.0.0.0/8,::1,22.22.22.22
>
> Now I’d like to configure TSIG. But the instructions here seem to be related to DB backends:
> https://doc.powerdns.com/authoritative/tsig.html#tsig-provision-signed-notify-axfr
>
> I’d like to stick to the BIND backend. But I get errors when trying the same type of configuration options in named.conf that work in regular BIND.
>
> Here’s what I did:
>
> On the master:
>
> key "keyname" {
>     algorithm hmac-sha256;
>     secret "…";
> };
>
> zone "zonename" {
>     file …;
>     type master;
>     allow-transfer { 22.22.22.22 key "keyname"; };
> };
>
> On the slave:
>
> key "keyname" {
>     algorithm hmac-sha256;
>     secret "…";
> };
>
> zone "zonename" {
>     file …;
>     type slave;
>     masters { 11.11.11.11 key "keyname"; };   <- I get a syntax error on this, even though it works in regular BIND.
> };
>
> So, I changed the slave to:
>
> server 11.11.11.11 {
>     keys { "keyname"; };
> };
>
> zone "zonename" {
>     file …;
>     type slave;
>     masters { 11.11.11.11 };   <- no more syntax error.
> };
>
> And, in pdns.conf, I set “allow-axfr-ips” back to the default:
>
> allow-axfr-ips=127.0.0.0/8,::1
>
> But when I restart the slave, I get the following error:
>
> Unable to AXFR zone ‘zonename' from remote 11.11.11.11' (resolver): AXFR chunk error: Server Not Authoritative for zone / Not Authorized (This was the first time. Excluding zone from slave-checks until 1636827466)
>
> Any help would be greatly appreciated!
>
> Michael
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users

Frank Louwers
PowerDNS Certified Consultant @ Kiwazo.be