[Opendnssec-user] Configure IP used for outgoing notify messages
Marc Richter
2017-02-01 14:41:43 UTC
Hi,

we have the ODS signer configured with multiple listener IPs.

Now, when sending out the notify messages to the external auth server,
once a zone has been (re)signed, we want those notifies to be sent
out using a specific IP.

According to

https://wiki.opendnssec.org/display/DOCS/addns.xml

there doesn't seem to be any configuration option for that in

<Adapter><DNS><Outbound><Notify>

Is that correct ?
Is there any other way how this could be configured ?

Thanks & Regards
Marc
Yuri Schaeffer
2017-02-01 15:44:07 UTC
Hi Marc,
Post by Marc Richter
> we have the ODS signer configured with multiple listener IPs.
> Now, when sending out the notify messages to the external auth server,
> once a zone has been (re)signed, we want those notifies to be sent
> out using a specific IP.
> According to
> https://wiki.opendnssec.org/display/DOCS/addns.xml
> there doesn't seem to be any configuration option for that in
> <Adapter><DNS><Outbound><Notify>
> Is that correct ?
> Is there any other way how this could be configured ?

Indeed. There is no configuration option for it, so interface selection
is left to the OS. But that will not always make the decision you want
if the address is routable via multiple interfaces.

In the upcoming 2.1 release outgoing notifies will bind to the first
interface mentioned in the outbound list:
https://github.com/opendnssec/opendnssec/commit/028e769e5784d1916da955fa73d7140823aa154f
That will cover your use case I think.

//Yuri
Marc Richter
2017-02-01 16:06:32 UTC
Hi Yuri,

thanks for the quick answer !
Post by Yuri Schaeffer
> In the upcoming 2.1 release outgoing notifies will bind to the first
> https://github.com/opendnssec/opendnssec/commit/028e769e5784d1916da955fa73d7140823aa154f
> That will cover your use case I think.

Yes, pretty much looks like it.

But just to be sure, what exactly refers

notify->xfrhandler->engine->dnshandler->interfaces->interfaces[0]

to, if translated to a config file and config option ?

<Configuration><Signer><Listener> in conf.xml, or something else ?

Regards
Marc
Hoda Rohani
2017-02-02 08:35:19 UTC
Hi Marc,
Post by Marc Richter
> Hi Yuri,
> thanks for the quick answer !
> Post by Yuri Schaeffer
>> In the upcoming 2.1 release outgoing notifies will bind to the first
>> https://github.com/opendnssec/opendnssec/commit/028e769e5784d1916da955fa73d7140823aa154f
>> That will cover your use case I think.
> Yes, pretty much looks like it.
> But just to be sure, what exactly refers
> notify->xfrhandler->engine->dnshandler->interfaces->interfaces[0]
> to, if translated to a config file and config option ?
> <Configuration><Signer><Listener> in conf.xml, or something else ?

Yes, correct, ods uses first interface in Listener as the source address.

Regards,
Hoda
Post by Marc Richter
> Regards
> Marc