search

TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0
3.86k stars 401 forks source link

RFC2136 refused with TSIG #755

Closed CRASH-Tech closed 9 months ago

CRASH-Tech commented 9 months ago

Hello, I still here :) I was fixed exretnal-dns, and without TSIG it work perfectly. But with TSIG I have refused reply, it's strange becaue I was set "ANY" in update record types.

[2023-10-07 11:10:58 UTC] [10.171.120.201:40446] [TCP] DNS Server received a zone UPDATE request for zone: xfix.org
[2023-10-07 11:10:58 UTC] [10.171.120.201:40446] [TCP] DNS Server refused a zone UPDATE request [vmselect.xfix.org A IN] due to Dynamic Updates Security Policy for zone: xfix.org
[2023-10-07 11:10:58 UTC] [10.171.120.201:40446] [TCP] QNAME: xfix.org; QTYPE: SOA; QCLASS: IN; RCODE: Refused; ANSWER: []

image image image image

ShreyasZare commented 9 months ago

Thanks for the details. The domain name specified in Security Policy must be the exact same domain which you need to update. If you want to have a policy to allow updating any subdomain name then use wildcard domain like *.xfix.org.

CRASH-Tech commented 9 months ago

Oh, thanks! My mistake. Thanks for this wonderful product!