configure notify for ixfer?

Cuttler, Brian R (HEALTH) brian.cuttler at health.ny.gov
Wed Jun 2 14:55:14 UTC 2021


Mark, Dan,

Thank you both.
I was so very sure that I'd missed something and with your correctly pointing out I'd missed an NS record I was able to find and correct the issue.

My static zones were written correctly but my dynamic zones were in fact missing the NS resource record the made the secondary authoritative and as a result was not notifying for dynamic changes.

Thank you very much,
Brian

-----Original Message-----
From: Mark Andrews <marka at isc.org> 
Sent: Tuesday, June 1, 2021 9:24 PM
To: Cuttler, Brian R (HEALTH) <brian.cuttler at health.ny.gov>
Cc: bind-users at lists.isc.org
Subject: Re: configure notify for ixfer?

ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.


> On 2 Jun 2021, at 01:18, Cuttler, Brian R (HEALTH) via bind-users <bind-users at lists.isc.org> wrote:
>
> My dns secondary is often behind on its dynamic zone tables.
> It looks to me like we are doing automatic transfer IXFR but not requently enough, but randomly.
>
> It looks to me that default 10 second interval for min transfer wait time.
>
> I'm missing something but haven't found the magic yet.
>
> Both primary/secondary BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.5 on Centos 7.9.
>
> Goal is to have dynamic entries replicated on the secondary within a few minutes if not a few seconds.
>
> From what I’m reading I should be sending a notify from the primary to the secondary when a dynamic zone is updated but I don’t seem to be doing that.
>
> Would someone please point me to the option I’m missing to do so? I’ve either completely missed it, mis-understood what I read or am going in the wrong direction.
>
> 01-Jun-2021 07:49:05.425 xfer-out: client @0x7f17335f9450 10.50.156.70#45583 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR started (serial 1501355783 -> 1501355796)
> 01-Jun-2021 07:49:05.426 xfer-out: client @0x7f17335f9450 10.50.156.70#45583 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR ended
> 01-Jun-2021 08:46:52.595 xfer-out: client @0x7f17334a7e80 10.50.156.70#39191 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR started (serial 1501355796 -> 1501355835)
> 01-Jun-2021 08:46:52.596 xfer-out: client @0x7f17334a7e80 10.50.156.70#39191 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR ended
> 01-Jun-2021 09:35:10.776 xfer-out: client @0x7f1732f45d60 10.50.156.70#39230 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR started (serial 1501355835 -> 1501355858)
> 01-Jun-2021 09:35:10.776 xfer-out: client @0x7f1732f45d60 10.50.156.70#39230 (dai.wadsworth.org): transfer of 'dai.wadsworth.org/IN': IXFR ended
>
> Thanks in advance,
> Brian

Named uses the NS records for the zone to find the addresses of the secondary servers to send the NOTIFY messages to. Both primary and secondary servers do this by default.  The nameserver listed in the SOA record MNAME field is excluded this process.  Ensure you have address record for all your nameservers.

If a secondary is not listed in the NS RRset then you can use also-notify as Anand said.

> Brian Cuttler
>
> ITG - Information Technology Group, Network and System Administrator
> Wadsworth Center, NYS Department of Health
> Empire State Plaza, Albany, NY 12201
> (518) 486-1697 | Brian.Cuttler at health.ny.gov
>
>
> _______________________________________________
> Please visit https://protect2.fireeye.com/v1/url?k=8f65c3b5-d0fefa91-8f673a80-000babd9f8b3-d6808c41e68e0cd5&q=1&e=4f4b3cdc-575a-4936-891d-c4a4e8046fba&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://protect2.fireeye.com/v1/url?k=092146da-56ba7ffe-0923bfef-000babd9f8b3-2fc9fe389296b63e&q=1&e=4f4b3cdc-575a-4936-891d-c4a4e8046fba&u=https%3A%2F%2Fwww.isc.org%2Fcontact%2F for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://protect2.fireeye.com/v1/url?k=1ca916b3-43322f97-1cabef86-000babd9f8b3-069582d2fad357d5&q=1&e=4f4b3cdc-575a-4936-891d-c4a4e8046fba&u=https%3A%2F%2Flists.isc.org%2Fmailman%2Flistinfo%2Fbind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org



More information about the bind-users mailing list