help with notify-source

tony z tzucc at yahoo.com
Tue Mar 25 20:03:39 UTC 2008


I managed to hack around "notify-source" not working to my expectations. Since BIND wanted to pick a different IP than I told it to via notify-source and listen-on (I wanted this to be the same IP for both purposes), I did the following:
- took the IP that BIND seemed to really want to send NOTIFYs on (not the different/desired IP in 'notify-source')
- put that IP as the new master DNS IP in the slave definition for allowing transfers from
- added that IP as a second IP in my 'listen-on' so that BIND would listen on #53 connections from the slave starting the transfer
- as an added measure, that IP also went into my notify-source, even though I think (on my config) notify-source is not effective.
Voila. AXFRs happen fast and crisp. So notify-source doesn't seem to work to specify the IP used for NOTIFYs.

----- Original Message ----
From: tony z <tzucc at yahoo.com>
To: comp-protocols-dns-bind at isc.org
Sent: Monday, March 24, 2008 7:16:50 PM
Subject: Re: help with notify-source

Hopefully my other post will get approved .. it shows my named version, and the named.conf... 
I have logs from my backup DNS which show the slave DNS refusing notifies from my other IPs on the master DNS server... then eventually the right master IP sends the notify, and the AXFR proceeds and completes normally. Do you expect BIND to rotate its NOTIFYs through various IPs on the multihomed server like this?

Barry Margolin <barmar at alum.mit.edu> wrote: In article , tony z  wrote:

> I have a BIND 9.x server with multiple ethernet interfaces and IPs.

What's the value of x?

> I need the NOTIFY messages to go out on a specific IP, because I am using TSIG updates
> to my slave and that slave will not accept a TCP NOTIFY connection from any other than one of
> my specific IPs.
> I put a notify-source directive inside my zone files and options area, but nothing seems to work.
> BIND/named seems to randomly rotate through all my IPs sending NOTIFY, until it uses the IP
> that my slave wants to hear from, and then the transfer from master to slave happens. But this takes like hours.
> Does notify-source actually work, or am I using the wrong directive or using the right directive in the wrong manner?

Post your named.conf.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
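
A small log check for the symptom described in this thread, added here as an example and not part of any poster's message: it tallies, per zone, the source addresses from which the slave refused NOTIFYs, which shows the address the master actually sends from. The log format is assumed to be BIND 9's "refused notify from non-master" message; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Message a BIND 9 slave logs when a NOTIFY arrives from an address that is
# not in the zone's masters list (an optional view name may follow the class).
REFUSED = re.compile(
    r"zone (?P<zone>\S+?)/\w+(?:/\S+?)?: "
    r"refused notify from non-master: (?P<src>\S+)#\d+"
)

# Constructed sample lines using documentation addresses, not the poster's logs.
SAMPLE = [
    "Mar 24 18:02:11 ns2 named[812]: zone example.com/IN: "
    "refused notify from non-master: 192.0.2.11#40213",
    "Mar 24 18:17:40 ns2 named[812]: zone example.com/IN: "
    "refused notify from non-master: 192.0.2.12#40311",
    "Mar 24 18:33:02 ns2 named[812]: zone example.com/IN: "
    "refused notify from non-master: 192.0.2.11#40388",
    "Mar 24 19:05:27 ns2 named[812]: zone example.com/IN: Transfer started.",
]


def refused_notify_sources(lines):
    """Return {zone: Counter({source_address: count})} for refused NOTIFYs."""
    seen = defaultdict(Counter)
    for line in lines:
        m = REFUSED.search(line)
        if m:
            # The source is everything before the final '#port', so IPv6
            # addresses containing ':' are kept whole.
            seen[m.group("zone")][m.group("src")] += 1
    return dict(seen)


def most_used_source(lines):
    """Per zone, the address that refused NOTIFYs came from most often."""
    return {
        zone: counts.most_common(1)[0][0]
        for zone, counts in refused_notify_sources(lines).items()
    }


if __name__ == "__main__":
    for zone, counts in refused_notify_sources(SAMPLE).items():
        for src, n in counts.most_common():
            print(f"{zone}: {n} NOTIFY(s) refused from {src}")
```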

More information about the bind-users mailing list