Hi Sadiq,

thank you for sharing your Knot issue with us.

You might try (temporarily) lowering the log level from 'info' to 'debug' on sekhmet, in order to see a potential "ACL denied" message.

Anyway, I can see in your configuration files that you are using two 'remote' instances for one machine. This probably has nothing to do with this issue, but it can cause different kinds of issues. An idiomatic configuration should look like this (for example):

remote:
  - id: horus
    address: [ 192.67.222.53@53, 2620:98:400a::53@53 ]

Let us know your next findings,

Thanks,

Libor

On 27. 12. 20 at 2:32, Sadiq Saif wrote:
Hi all,

I can't quite figure this out, I have two servers running Knot DNS 3.0.3 on Ubuntu 20.04.

horus.bastetrix.net is the primary, sekhmet.bastetrix.net is the secondary.

One of the zones hosted on these servers is selfhosting.cloud.

Whenever I commit a change to selfhosting.cloud, this happens in the log. As you can see, for some reason the IPv4 address returns a NOTAUTH error and then Knot successfully notifies over IPv6.

Dec 27 00:53:37 horus.bastetrix.net knotd[174159]: warning: [selfhosting.cloud.] notify, outgoing, remote 192.195.251.53@53, server responded with error 'NOTAUTH'
Dec 27 00:53:37 horus.bastetrix.net knotd[174159]: info: [selfhosting.cloud.] notify, outgoing, remote 2620:98:400c::53@53, serial 5
Dec 27 00:53:38 horus.bastetrix.net knotd[174159]: info: [selfhosting.cloud.] IXFR, outgoing, remote 2620:98:400c::53@36778, started, serial 4 -> 5
Dec 27 00:53:38 horus.bastetrix.net knotd[174159]: info: [selfhosting.cloud.] IXFR, outgoing, remote 2620:98:400c::53@36778, finished, 0.00 seconds, 1 messages, 295 bytes

sekhmet only logs a successful notify and IXFR from the v6 address, nothing about the failed v4 notify:

Dec 27 00:53:37 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] notify, incoming, remote 2620:98:400a::53@58782, serial 5
Dec 27 00:53:38 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] refresh, remote 2620:98:400a::53@53, remote serial 5, zone is outdated
Dec 27 00:53:38 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] IXFR, incoming, remote 2620:98:400a::53@53, started
Dec 27 00:53:38 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] IXFR, incoming, remote 2620:98:400a::53@53, finished, 0.00 seconds, 1 messages, 295 bytes
Dec 27 00:53:38 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] refresh, remote 2620:98:400a::53@53, zone updated, 0.40 seconds, serial 4 -> 5
Dec 27 00:53:38 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] zone file updated, serial 4 -> 5

I am attaching the knot.conf for both servers. I double checked both configs multiple times and don't see why that particular warning is happening during zone notify.

Can someone shed some light on this mystery?

--
Sadiq Saif
https://bastetrix.com
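
Added example, not part of the thread and not Knot DNS code: a small Python correlation of the two servers' logs that lists outgoing NOTIFYs the primary saw rejected but for which the secondary logged nothing at 'info' level, which is the case where the 'debug' log level on the secondary is needed. The log lines are copied from the post; pairing by zone and address family is an assumption of this sketch, and the function names are hypothetical.

```python
import re

# Log lines copied from the post above (primary horus, secondary sekhmet).
PRIMARY_LOG = """\
Dec 27 00:53:37 horus.bastetrix.net knotd[174159]: warning: [selfhosting.cloud.] notify, outgoing, remote 192.195.251.53@53, server responded with error 'NOTAUTH'
Dec 27 00:53:37 horus.bastetrix.net knotd[174159]: info: [selfhosting.cloud.] notify, outgoing, remote 2620:98:400c::53@53, serial 5
"""
SECONDARY_LOG = """\
Dec 27 00:53:37 sekhmet.bastetrix.net knotd[536887]: info: [selfhosting.cloud.] notify, incoming, remote 2620:98:400a::53@58782, serial 5
"""

# Matches knotd NOTIFY lines in the format shown in the post.
LINE = re.compile(
    r"knotd\[\d+\]: (?P<level>\w+): \[(?P<zone>[^\]]+)\] notify, "
    r"(?P<dir>outgoing|incoming), remote (?P<addr>[0-9A-Fa-f:.]+)@\d+, (?P<rest>.*)$"
)
ERROR = re.compile(r"server responded with error '(?P<rcode>\w+)'")


def family(addr):
    """Classify an address literal by the presence of a colon."""
    return "IPv6" if ":" in addr else "IPv4"


def parse_notifies(log):
    """Yield (zone, direction, family, address, rcode-or-None) per NOTIFY line."""
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            err = ERROR.search(m["rest"])
            yield (m["zone"], m["dir"], family(m["addr"]), m["addr"],
                   err["rcode"] if err else None)


def unlogged_rejections(primary_log, secondary_log):
    """Failed outgoing NOTIFYs with no incoming NOTIFY logged on the secondary
    for the same zone and address family (assumed pairing rule)."""
    seen = {(z, fam) for z, d, fam, _, _ in parse_notifies(secondary_log)
            if d == "incoming"}
    return [
        {"zone": z, "family": fam, "remote": addr, "rcode": rc}
        for z, d, fam, addr, rc in parse_notifies(primary_log)
        if d == "outgoing" and rc and (z, fam) not in seen
    ]


if __name__ == "__main__":
    for hit in unlogged_rejections(PRIMARY_LOG, SECONDARY_LOG):
        print("{zone} {family} NOTIFY to {remote}: {rcode}, nothing logged on secondary".format(**hit))
```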