NS also in SOA doesn't get NOTIFY

Kevin Darcy kcd at chrysler.com
Thu Oct 27 16:42:24 UTC 2011

On 10/27/2011 11:02 AM, Jonathan Stewart wrote:
> Hello,
> Recently I set up a group of nameservers using a hidden master,
> visible slaves configuration.
> ns0 - hidden master
> ns1, ns2, ns3 - visible slave servers
> So I set the SOA and NS records like this
> zone.example  IN SOA ns1.zone.example. hostmaster.example.com (
>       1            ; serial number
>       3600         ; refresh   [1h]
>       600          ; retry     [10m]
>       86400        ; expire    [1d]
>       3600 )
>        IN NS  ns1.zone.example
>        IN NS  ns2.zone.example
>        IN NS  ns3.zone.example
> Thus, the hidden master, ns0, does not appear in the SOA or NS records.
> The problem is that NOTIFY messages do not get delivered to ns1,
> because it's the primary server in the SOA record.  If i change the
> SOA to have ns0, then NOTIFYs work, ns1 updates immediately.  I don't
> like this solution because my hidden master is no longer hidden when
> I'm publishing it in the SOA.
> Also, is this normal/expected behaviour?  How can i get ns0 (and the
> others) to NOTIFY ns1 when the serial is incremented?  Must i use an
> explicit {also-notify} ?
Why not put something completely different -- i.e. neither the hidden 
master nor any of the published NSes -- in the SOA.MNAME? Besides 
NOTIFY, about the only other thing that cares about SOA.MNAME is Dynamic 
Update, and that usually requires special handling in a hidden-master 
scenario anyway...

                     - Kevin

More information about the bind-users mailing list