bind NOTIFY protocol

Kevin Darcy kcd at daimlerchrysler.com
Wed Jan 3 03:43:39 UTC 2001


Joseph S D Yao wrote:

> On Thu, Dec 21, 2000 at 07:26:20PM -0500, Kevin Darcy wrote:
> > Indeed. Which is why the NOTIFY protocol needs to be enhanced. Stealth
> > slaves should be sending an OPTION in their SOA queries which means "I'm
> > really a slave and I want to be notified if the serial number changes".
>
> Win: you can set up a slave server without updating the master.
>
> Loss: So can someone else that you might not want declaring him- or
> her-self as an authoritative server.  You lose control.

Not really. You can still, as always, forbid zone transfers to that server
via allow-transfer. I'm thinking that the master shouldn't even send a
NOTIFY message to an address that is forbidden to zone-transfer -- why
bother? (Arguably, though, the server should still *remember* the fact that
the machine at that address wanted a NOTIFY, since the allow-transfer could
be reconfig'ed in the interim in such a way as to permit a
previously-forbidden address).

> Loss: You don't have to update the master, so you may forget to declare
> the new slave server as a new authoritative server in the zone file.
> The new slave keeps querying the master for the data after every NOTIFY,
> as well as after expirations, without ever serving the data out.

I was only advocating this as a way to ease maintenance of *stealth* slaves.
In the case of a stealth slave, there are no NS'es to forget to add. In the
case of *registered* slaves, this is a non-issue since they get NOTIFYs by
default anyway.

> Possible Loss: You don't have to update the master, so you may forget
> to change your allow-transfer statement to allow this server to update.

I think the chance of something being overlooked when adding a new slave
server *rises* when there are more steps to be performed in order to
accomplish that task. Since my proposal reduces or eliminates the need for
updating "also-notify", I believe that puts it in the "Win" rather than the
"Loss" column here.


- Kevin
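A minimal model of the master-side behaviour proposed in this message, as an added example that is not part of the original post and is not BIND code. The class, its method names and the sample addresses are constructed; `wants_notify` stands in for the proposed SOA-query option, which is not an existing protocol feature.

```python
import ipaddress


class MasterZone:
    """Toy model of a master that accepts NOTIFY requests from stealth slaves."""

    def __init__(self, allow_transfer):
        self.serial = 1
        self.subscribers = set()  # addresses that asked for NOTIFY via an SOA query
        self.set_allow_transfer(allow_transfer)

    def set_allow_transfer(self, acl):
        # Models a reconfig of the allow-transfer ACL.
        self.allow_transfer = [ipaddress.ip_network(n) for n in acl]

    def may_transfer(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.allow_transfer)

    def soa_query(self, addr, wants_notify=False):
        # The request is remembered even when the address is currently
        # forbidden: the ACL is consulted when NOTIFYs go out, not here,
        # so a later reconfig can admit a previously-forbidden address.
        if wants_notify:
            self.subscribers.add(addr)
        return self.serial

    def bump_serial(self):
        """Serial changed: return the addresses that would be sent a NOTIFY."""
        self.serial += 1
        return sorted(a for a in self.subscribers if self.may_transfer(a))


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses only.
    zone = MasterZone(allow_transfer=["192.0.2.0/24"])
    zone.soa_query("192.0.2.10", wants_notify=True)    # permitted stealth slave
    zone.soa_query("198.51.100.7", wants_notify=True)  # forbidden, but remembered
    zone.soa_query("192.0.2.99")                       # plain query, no option set
    print(zone.bump_serial())                          # only the permitted subscriber
    zone.set_allow_transfer(["192.0.2.0/24", "198.51.100.7/32"])
    print(zone.bump_serial())                          # both, after the reconfig
```

In this model control stays with the master's operator: asking for NOTIFY grants nothing unless allow-transfer already permits the address.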





