Hi,
I am attempting to add a new slave DNS zone.
I manage the domain "stephane-huc.net", on OpenBSD, @home, with nsd, as:
$ grep -v '^;' /etc/ns/stephane-huc.net
$TTL 1H
$ORIGIN stephane-huc.net.
@ IN SOA ns1.stephane-huc.net. postmaster.stephane-huc.net. (
202002102 ;
1D ; refresh
1H ; retry
2W ; expire
1H ; negative
)
@ IN NS ns1.stephane-huc.net.
@ IN NS ledzep.ybad.name.
@ IN NS slave.dns.he.net.
ns1 IN A 88.136.16.221
ns1 IN AAAA 2001:470:cc33:47:c107:b5d:0:3
@ IN MX 5 mx.lautre.net.
@ IN MX 10 mx3.lautre.net.
@ IN A 80.67.160.70
blog IN A 80.67.160.70
ecrits IN A 80.67.160.70
en IN A 80.67.160.70
mail IN A 80.67.160.70
www IN A 80.67.160.70
autoconfig IN CNAME panel.lautre.net.
autodiscover IN CNAME panel.lautre.net.
@ IN CAA 0 iodef "mailto:postmaster@stephane-huc.net"
@ IN CAA 0 issue "letsencrypt.org"
@ IN CAA 0 issuewild "letsencrypt.org"
@ IN TXT "v=spf1 a mx include:spf.lautre.net ~all"
_dmarc IN TXT "v=DMARC1;p=none;pct=100;rua=mailto:postmaster@stephane-huc.net;"
_443._tcp.stephane-huc.net. IN TLSA 3 1 2 48295c1605d5ae91d40b536f4188bbf242efd28baaf425fc476a1324e1d0aa69fcfc3c77a7d4a8eda4f0e910fef827b5a58a89dd6d7dbd40cc1d6a6b5d035a70
As you can see, "slave.dns.he.net" is in the zone.
And the nsd config file is:
# grep -v '^#' /var/nsd/etc/nsd.conf
server:
	hide-version: yes
	verbosity: 1
	database: "" # disable database
remote-control:
	control-enable: yes
	control-interface: /var/run/nsd.sock
key:
	name: "kshn"
	algorithm: hmac-sha512
	secret: "***********"
zone:
	name: "stephane-huc.net"
	zonefile: "signed/stephane-huc.net"
	#zonefile: "zones/master/stephane-huc.net"
	# yeuxdelibad/ybad.name
	notify: 93.6.177.187 kshn
	provide-xfr: 93.6.177.187 kshn
	# slave.dns.he.net
	notify: 216.218.133.2 NOKEY
	provide-xfr: 216.218.133.2 NOKEY
	notify: 2001:470:600::2 NOKEY
	provide-xfr: 2001:470:600::2 NOKEY
	# ns6.gandi.net
	notify: 217.70.177.40 NOKEY
	provide-xfr: 217.70.177.40 NOKEY
"NOKEY" specifies "NO TSIG"; and as you can see/read, I notify and provide xfr to the IPv4|6 addresses.
But when I attempt to add it as a new slave in the web admin of HE, the system replies with:
You must delegate to one or more of the slave nameservers.
----
Any idea/suggestion?!
----
Here are the dig replies:
$ dig SOA stephane-huc.net @ns1.stephane-huc.net
; <<>> DiG 9.11.14-3-Debian <<>> SOA stephane-huc.net @ns1.stephane-huc.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42445
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net. IN SOA
;; ANSWER SECTION:
stephane-huc.net. 3600 IN SOA ns1.stephane-huc.net. postmaster.stephane-huc.net. 1581321072 86400 86400 1209600 3600
;; AUTHORITY SECTION:
stephane-huc.net. 3600 IN NS ns1.stephane-huc.net.
stephane-huc.net. 3600 IN NS slave.dns.he.net.
stephane-huc.net. 3600 IN NS ledzep.ybad.name.
;; ADDITIONAL SECTION:
ns1.stephane-huc.net. 3600 IN AAAA 2001:470:cc33:47:c107:b5d:0:3
ns1.stephane-huc.net. 3600 IN A 88.136.16.221
;; Query time: 1 msec
;; SERVER: 2001:470:cc33:47:c107:b5d:0:3#53(2001:470:cc33:47:c107:b5d:0:3)
;; WHEN: lun. févr. 10 18:18:43 CET 2020
;; MSG SIZE rcvd: 211
$ dig NS stephane-huc.net @ns1.stephane-huc.net
; <<>> DiG 9.11.14-3-Debian <<>> NS stephane-huc.net @ns1.stephane-huc.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60361
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net. IN NS
;; ANSWER SECTION:
stephane-huc.net. 3600 IN NS ns1.stephane-huc.net.
stephane-huc.net. 3600 IN NS slave.dns.he.net.
stephane-huc.net. 3600 IN NS ledzep.ybad.name.
;; ADDITIONAL SECTION:
ns1.stephane-huc.net. 3600 IN AAAA 2001:470:cc33:47:c107:b5d:0:3
ns1.stephane-huc.net. 3600 IN A 88.136.16.221
;; Query time: 0 msec
;; SERVER: 2001:470:cc33:47:c107:b5d:0:3#53(2001:470:cc33:47:c107:b5d:0:3)
;; WHEN: lun. févr. 10 18:19:01 CET 2020
;; MSG SIZE rcvd: 164
$ dig SOA stephane-huc.net @ledzep.ybad.name
; <<>> DiG 9.11.14-3-Debian <<>> SOA stephane-huc.net @ledzep.ybad.name
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61342
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net. IN SOA
;; ANSWER SECTION:
stephane-huc.net. 3600 IN SOA ns1.stephane-huc.net. postmaster.stephane-huc.net. 2020020916 86400 86400 1209600 3600
;; AUTHORITY SECTION:
stephane-huc.net. 3600 IN NS ns1.stephane-huc.net.
stephane-huc.net. 3600 IN NS slave.dns.he.net.
stephane-huc.net. 3600 IN NS ledzep.ybad.name.
;; ADDITIONAL SECTION:
ns1.stephane-huc.net. 3600 IN A 88.136.16.221
ns1.stephane-huc.net. 3600 IN AAAA 2001:470:cc33:47:c107:b5d:0:3
;; Query time: 49 msec
;; SERVER: 93.6.177.187#53(93.6.177.187)
;; WHEN: lun. févr. 10 19:19:57 CET 2020
;; MSG SIZE rcvd: 211
$ dig NS stephane-huc.net @ledzep.ybad.name
; <<>> DiG 9.11.14-3-Debian <<>> NS stephane-huc.net @ledzep.ybad.name
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26688
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net. IN NS
;; ANSWER SECTION:
stephane-huc.net. 3600 IN NS ns1.stephane-huc.net.
stephane-huc.net. 3600 IN NS slave.dns.he.net.
stephane-huc.net. 3600 IN NS ledzep.ybad.name.
;; ADDITIONAL SECTION:
ns1.stephane-huc.net. 3600 IN A 88.136.16.221
ns1.stephane-huc.net. 3600 IN AAAA 2001:470:cc33:47:c107:b5d:0:3
;; Query time: 51 msec
;; SERVER: 93.6.177.187#53(93.6.177.187)
;; WHEN: lun. févr. 10 19:20:06 CET 2020
;; MSG SIZE rcvd: 164
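
Added example, not part of the original post: the two SOA answers above carry different serials (1581321072 from ns1, 2020020916 from ledzep), and a secondary only transfers a zone when the primary's serial is greater under RFC 1982 serial arithmetic. The sketch below parses the SOA lines copied from the dig replies and classifies each secondary; the function names are illustrative.

```python
import re

# SOA answer lines copied verbatim from the dig replies in the post.
DIG_ANSWERS = {
    "ns1.stephane-huc.net": "stephane-huc.net. 3600 IN SOA ns1.stephane-huc.net. "
        "postmaster.stephane-huc.net. 1581321072 86400 86400 1209600 3600",
    "ledzep.ybad.name": "stephane-huc.net. 3600 IN SOA ns1.stephane-huc.net. "
        "postmaster.stephane-huc.net. 2020020916 86400 86400 1209600 3600",
}

SOA_RE = re.compile(
    r"^(?P<owner>\S+)\s+\d+\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+\d+\s+\d+\s+\d+\s+\d+\s*$"
)

def parse_serial(line):
    """Extract the 32-bit SOA serial from one dig answer line."""
    m = SOA_RE.match(line.strip())
    if not m:
        raise ValueError("not an SOA answer line: %r" % line)
    serial = int(m["serial"])
    if serial >= 2**32:
        raise ValueError("serial does not fit in 32 bits: %d" % serial)
    return serial

def serial_compare(a, b):
    """RFC 1982 comparison: -1 if a<b, 0 if equal, 1 if a>b, None if undefined."""
    if a == b:
        return 0
    diff = (b - a) % 2**32
    if diff == 2**31:
        return None  # the RFC leaves this case undefined
    return -1 if diff < 2**31 else 1

STATUS = {
    0: "in sync",
    -1: "behind primary (transfer expected)",
    1: "ahead of primary (will not transfer)",
    None: "undefined comparison",
}

def check_secondaries(primary, answers):
    """Map each non-primary server to (serial, status relative to the primary)."""
    primary_serial = parse_serial(answers[primary])
    report = {}
    for server, line in answers.items():
        if server != primary:
            serial = parse_serial(line)
            report[server] = (serial, STATUS[serial_compare(serial, primary_serial)])
    return report

if __name__ == "__main__":
    for server, (serial, status) in check_secondaries("ns1.stephane-huc.net", DIG_ANSWERS).items():
        print(server, serial, status)
```

On the serials shown in the dig output, ledzep.ybad.name is classified as ahead of ns1, which means it keeps its existing copy until the primary's serial passes 2020020916.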