<div dir="ltr">Hi Sami.<div>"allow-..." statements are to restrict from which sources *this* server will accept messages, of whichever type.</div><div>On the secondary (slave), "allow-notify {<span style="font-family:Arial,sans-serif;font-size:13.3333px">192.168.56.154;};" will permit it to process NOTIFY messages sent to it from the primary (master), but ignore any others. Actually, this is not necessary because it would do that anyway. See the ARM description for this statement - </span><a href="https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-allow-notify">https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-allow-notify</a></div><div><br></div><div><span style="font-family:Arial,sans-serif;font-size:13.3333px">NOTIFY messages from the primary will reach the secondary server and be processed because the primary is listed in an NS record in the zone. As Mark says, you cannot stop this. You could test sending NOTIFY from a third server that is *not* listed as an NS for the zone.</span></div><div><span style="font-family:Arial,sans-serif;font-size:13.3333px"><br></span></div><div><span style="font-family:Arial,sans-serif;font-size:13.3333px">On the primary you do not need </span>allow-transfer {192.168.56.157;}; as the primary is not transferring *from* the secondary.</div><div>You probably also don't need also-notify {192.168.56.157;}; if the secondary has an NS record in the zones it will be transferring, which it should.</div><div><br></div><div>Hope that helps.</div><div>Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 25 Mar 2024 at 11:34, <<a href="mailto:sami.rahal@sofrecom.com" target="_blank">sami.rahal@sofrecom.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<div lang="FR">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">Hello community,
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow notifications only from the master (192.168.56.154). I added the directive "allow-notify {192.168.56.154;};"
and it works. However, when I try to test the prohibition of notification by adding "allow-notify {none;};" at the slave, it still receives updates from the master. The transfer on the master is as follows:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">allow-transfer {192.168.56.157;};
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">also-notify {192.168.56.157;};<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">notify explicit;"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif">PS. BIND version : 9.16.48<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal">Regards Sami<u></u><u></u></p>
<div style="margin:5pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="font-size:8pt;font-family:"Helvetica 75 Bold";color:rgb(237,125,49)">Orange Restricted<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div></blockquote></div>