notify not getting without also-notify

btb at bitrate.net btb at bitrate.net
Sun Mar 29 21:39:24 UTC 2015 

hi-

i'm having a problem where notifies are not sent unless also-notify is used to explicitly specify hosts.

here is the config from the computer serving the master zone:

>named-checkconf -p
options {
	bindkeys-file "/etc/bind/keys/dnssec/bind.keys";
	blackhole {
		"bogon";
	};
	session-keyalg "hmac-sha512";
	directory "/var/cache/bind";
	hostname "dca-ans-1.example.com";
	interface-interval 0;
	managed-keys-directory "/etc/bind/keys/managed";
	server-id "dca-ans-1.example.com";
	version none;
	additional-from-auth no;
	additional-from-cache no;
	allow-query-cache {
		"none";
	};
	allow-query-cache-on {
		"none";
	};
	allow-recursion {
		"none";
	};
	allow-recursion-on {
		"none";
	};
	dnssec-enable yes;
	empty-zones-enable no;
	minimal-responses yes;
	recursion no;
	allow-query {
		"any";
	};
	allow-query-on {
		"any";
	};
	allow-transfer {
		"loopback";
		"physical_interfaces";
		"slaves";
	};
	check-dup-records fail;
	check-mx fail;
	check-mx-cname fail;
	check-srv-cname fail;
	check-wildcard yes;
	masterfile-format raw;
	zone-statistics full;
};
controls {
	inet 127.0.0.1 port 953 allow {
		127.0.0.1/32;
	} keys {
		"rndc-key-1";
	};
};
acl "loopback" {
	127.0.0.1/32;
	::1/128;
};
acl "physical_interfaces" {
	10.128.13.62/32;
};
acl "local_network" {
	10.0.0.0/8;
};
acl "slaves" {
	10.128.13.63/32;
};
acl "bogon" {
	0.0.0.0/8;
	169.254.0.0/16;
	172.16.0.0/12;
	192.0.0.0/24;
	192.0.2.0/24;
	192.168.0.0/16;
	198.18.0.0/15;
	198.51.100.0/24;
	203.0.113.0/24;
	224.0.0.0/3;
};
logging {
	[...]
};
key "rndc-key-1" {
	algorithm "hmac-md5";
	secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};
key "ddns-key-1" {
	algorithm "hmac-sha512";
	secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};
zone "10.in-addr.arpa" {
	type master;
	file "/srv/dns/internal/master/reverse/10.in-addr.arpa";
	update-policy {
		grant "ddns-key-1" zonesub "any";
	};
};

and here is the zone being served:

>dig @localhost -x 10 axfr +norec

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> @localhost -x 10 axfr +norec
; (1 server found)
;; global options: +cmd
10.in-addr.arpa.	86400	IN	SOA	dca-ans-1.example.com. hostmaster.example.com. 2015032904 7200 1800 1209600 3600
10.in-addr.arpa.	86400	IN	NS	dca-ans-1.example.com.
10.in-addr.arpa.	86400	IN	NS	dca-ans-2.example.com.
10.in-addr.arpa.	86400	IN	SOA	dca-ans-1.example.com. hostmaster.example.com. 2015032904 7200 1800 1209600 3600
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 29 17:19:51 EDT 2015
;; XFR size: 16 records (messages 1, bytes 449)

dca-ans-2 resolves to 10.128.13.63:
>host dca-ans-2.example.com
dca-ans-2.example.com has address 10.128.13.63

when i trigger a notify, bind never sends a notify to dca-ans-2:

>rndc trace 3
>rndc notify 10.in-addr.arpa.
zone notify queued

debug.log:
29-Mar-2015 17:25:33.860 general: debug 1: received control channel command 'null'
29-Mar-2015 17:25:33.860 general: info: received control channel command 'notify 10.in-addr.arpa.'
29-Mar-2015 17:25:33.860 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 general: debug 1: zone_timer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 general: debug 1: zone_maintenance: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
29-Mar-2015 17:25:33.860 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter

but when specifying dca-ans-2 explicitly in also-notify:

    also-notify {
        10.128.13.63;
    };

it does:

29-Mar-2015 17:27:15.945 general: debug 1: received control channel command 'null'
29-Mar-2015 17:27:15.945 general: info: received control channel command 'notify 10.in-addr.arpa.'
29-Mar-2015 17:27:15.945 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 general: debug 1: zone_timer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 general: debug 1: zone_maintenance: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
29-Mar-2015 17:27:15.945 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 notify: debug 3: zone 10.in-addr.arpa/IN: sending notify to 10.128.13.63#53
29-Mar-2015 17:27:15.945 general: debug 3: dns_request_createvia
29-Mar-2015 17:27:15.945 general: debug 3: request_render
29-Mar-2015 17:27:15.945 general: debug 3: requestmgr_attach: 0x7fda5c66d010: eref 1 iref 1
29-Mar-2015 17:27:15.945 general: debug 3: mgr_gethash
29-Mar-2015 17:27:15.945 general: debug 3: req_send: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.945 general: debug 3: dns_request_createvia: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.945 general: debug 3: req_senddone: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_response: request 0x7fda5c6d1460: success
29-Mar-2015 17:27:15.946 general: debug 3: req_cancel: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_sendevent: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: dns_request_getresponse: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 notify: debug 3: zone 10.in-addr.arpa/IN: notify response from 10.128.13.63#53: NOERROR
29-Mar-2015 17:27:15.946 general: debug 3: dns_request_destroy: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_destroy: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: requestmgr_detach: 0x7fda5c66d010: eref 1 iref 0

version is 9.9.5 courtesy of ubuntu:
>named -v
BIND 9.9.5-3ubuntu0.2-Ubuntu (Extended Support Version)

if i'm understanding the documentation right, by default bind should send notifies to all servers listed in the ns records for a zone, except for the soa mname - which would mean that dca-ans-2 should be notified by default - but it appears to not be.  how can i troubleshoot this further?

thanks
-ben

More information about the bind-users mailing list