help with notify-source

Mark Andrews Mark_Andrews at isc.org
Wed Mar 26 01:42:15 UTC 2008


> hi Barry,
> yes I did check logs... I even turned on debug logging at level 50... no
> errors on startup... no errors at times when NOTIFYs were going out on the
> wrong IP address (in other words not the IP configured in notify-source).
> And yes, I am 100% sure I was editing the named.conf that named was using...
> I just checked now, and there is no other named.conf, no chroot directory,
> etc...

	How do you know they were going out on the wrong address?
 
> Again, perhaps the issue with BIND and IP's assigned to ethernet alias. BIND
> kept going to eth1 first, then rotating around all my other IPs on the
> eth0:[0-3] .... totally ignoring my notify-source. I did post my
> named.conf... was how I used notify-source ok?

	No, you posted a modified version of named.conf which changed
	the IP addresses in question.

	If you fail to specify a notify source, most kernels use the
	first address on the interface unless the destination address
	causes the kernel to choose a different address, usually
	because the destination address and a virtual address are
	on the same network.

	All notify-source does is cause named to bind(2) the socket
	to the specified address.  If that fails to get the right
	address on the outgoing packet then you have a kernel bug
	in the IP stack.  Named uses bind(2) to ensure that responses
	to queries also originate from the correct IP address.

	If bind(2) is failing then responses to queries to the virtual
	address would also fail.
	
	Mark

> > hi Mark,
> > Oh I did restart named for sure - several times. Not just reload, but
> > restart. And I definitely used addresses copied from ifconfig, so that
> > wasn't the issue either (just to make sure I didn't typo).
> > named-checkconf reported no errors.  I also scoured iptables for some
> > blocking condition that could cause BIND to mess up. Nothing appeared
> > out of order.
> >
> > The only thing I can think of, if it is a BIND bug, is that the IP I used
> > for notify-source was an IP assigned to an ethernet alias (RHEL5).
> >
> > In any case, I wouldn't bet that there isn't some other misconfiguration
> > of mine that is causing this but it sure isn't obvious.
> 
> Are you absolutely sure that the config file you were editing is the one 
> that named is using?  There have been many occasions when someone has 
> edited /etc/named.conf, but their system was actually using 
> /etc/named/named.conf, or something like that.
> 
> Have you checked your log to see if it's reporting any errors when it 
> starts up?
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

