help with notify-source

ews_inc ewsinc at gmail.com
Tue Mar 25 02:03:30 UTC 2008


On Mar 24, 6:33 pm, Barry Margolin <bar... at alum.mit.edu> wrote:
> In article <fs9jkp$191... at sf1.isc.org>, tony z <tz... at yahoo.com> wrote:
> > I have a BIND 9.x server with multiple ethernet interfaces and IPs.
>
> What's the value of x?
>
> > I need the NOTIFY messages to go out on a specific IP, because I am using
> > TSIG updates to my slave and that slave will not accept a TCP NOTIFY
> > connection from any other than one of my specific IPs.
> > I put a notify-source directive inside my zone files and options area, but
> > nothing seems to work.
> > BIND/named seems to randomly rotate through all my IPs sending NOTIFY, until
> > it uses the IP that my slave wants to hear from, and then the transfer from
> > master to slave happens. But this takes like hours.
> > Does notify-source actually work, or am I using the wrong directive or using
> > the right directive in the wrong manner?
>
> Post your named.conf.
>
> --
> Barry Margolin, bar... at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the group ***

Thanks for any help on this....

x = BIND 9.3.3rc2

the named.conf is:

// Default named.conf generated by install of bind-9.2.4-24.ELu
// changelog:

options {
        hostname "somehost";
        version "ver9";
        blackhole { 213.171.223.128; };
        listen-on { 67.228.17.xxx; };  // virtual ETH for DNS
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify-source  67.228.17.xxx ;
        allow-recursion { 127.0.0.1; 67.228.17.xxx; };
        dnssec-enable yes;
};

include "/etc/rndc.key";

include "/var/named/keys/xxx.keys";

logging {
        channel default_log {
                file "/var/log/named/default.log" versions 7 size 1m;
                severity debug 50;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel query_log {
                file "/var/log/named/query.log" versions 7 size 1m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel security_ch {
                file "/var/log/named/named_sec.log" versions 7 size 1m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel dnssec_ch {
                file "/var/log/named/dnssec.log" versions 7 size 1m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        channel log_zone_transfers {
                file "/var/log/named/axfr.log" versions 7 size 1m;
                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category default { default_log; };
        category security { security_ch; };
        category dnssec { dnssec_ch; };
        category queries { query_log; };
        category xfer-out { log_zone_transfers; };
};



// zone file for root servers, fresh off internic.net
zone "." {
        type hint;
        file "named.ca";
};


// zone file for localhost
zone "localhost." in{
        type master;
        file "master.localhost";
        allow-update { none; };
};

// zone file for reverse lookup of localhost
zone "0.0.127.IN-ADDR.ARPA." {
        type master;
        file "localhost.rev";
        allow-update { none; };
};

// zone file for xxx.us
zone "xxx.us" {
        type    master;
        file    "xxx.us";
        allow-transfer { key 101436.163724.xxx; };
};

// zone file for xxx.com
zone "xxx.com" {
        type    master;
        file    "xxx.com";
        allow-transfer { key 101436.163822.xxx; };
};
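
An added example, not part of the original post and not BIND's own tooling: a small Python check that reads a named.conf and reports, for each master zone, which notify-source applies (a zone-level statement overrides the options-level one) and whether it matches the address the slave accepts. The sample configuration, zone names, 192.0.2.x addresses and the helper names are constructed for illustration.

```python
import re

# Constructed sample; names and 192.0.2.x addresses are placeholders.
SAMPLE = '''
options {
        listen-on { 192.0.2.10; };  // virtual ETH for DNS
        notify-source 192.0.2.10 ;
};
zone "example.us" { type master; file "example.us"; };
zone "example.com" {
        type master;
        notify-source 192.0.2.99;   /* zone-level override */
};
zone "." { type hint; file "named.ca"; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def blocks(text, keyword):
    """Yield (quoted name or None, body) for each `keyword ... { body }`."""
    head = re.compile(r'(?m)^\s*%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword)
    for m in head.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def directive(body, name):
    """First argument of the first `name <arg>;` statement in body."""
    m = re.search(r'(?<![\w-])%s\s+([^\s;{]+)' % re.escape(name), body)
    return m.group(1) if m else None

def audit(conf, accepted):
    """Map each master zone to (effective notify-source, status).
    'unpinned' means no address is set (or '*'), so the OS chooses one."""
    text = strip_comments(conf)
    opts = next((b for _, b in blocks(text, 'options')), '')
    default = directive(opts, 'notify-source')
    report = {}
    for zone, body in blocks(text, 'zone'):
        if directive(body, 'type') == 'master':
            src = directive(body, 'notify-source') or default
            status = ('unpinned' if src in (None, '*')
                      else 'ok' if src == accepted else 'mismatch')
            report[zone] = (src, status)
    return report
```

Calling `audit(SAMPLE, '192.0.2.10')` marks example.us as ok and example.com as a mismatch, because its zone-level notify-source replaces the options-level address.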

