Xfrout Notify Issues
Spain, Dr. Jeffry A.
spainj at countryday.net
Tue Feb 21 16:45:15 UTC 2012
With bind10-devel-20120119, the Xfrout module doesn't seem to be sending Notify messages. I have Xfrout configured as shown below. I incremented the serial number in the file jaspain.biz.db and added an A record, and then ran "b10-loadzone jaspain.biz.db". "dig @localhost jaspain.biz soa" shows the incremented serial number. A packet capture with tcpdump shows no DNS-related network traffic, however. The Bind 10 Guide, in chapter 10, states "The b10-xfrout is also used to send NOTIFY messages to secondary servers." For zone jaspain.biz, the NS records are ns1.jaspain.net and ns2.jaspain.net. In my setup, I am using a bind 9.9.0rc3 server (IPv6 address 2001:4870:20ca:158:383e:4365:e3fe:ef7e in the configuration below) to do inline signing, so that's who I would like to notify rather than the secondaries listed in the zone file.
Tickets http://bind10.isc.org/ticket/1321 and http://bind10.isc.org/ticket/966 seem to indicate that this functionality is a work in progress. Here's my suggestion along the lines of bind9 (see the Bv9ARM, page 62 and 70):
Xfrout/notify "yes(default)|no|master-only|explicit" string
Xfrout/notify-to-soa "yes|no(default)" string
Xfrout/also-notify [{ "address": "<IPv4 or IPv6 address>", "port": 53, "key": "<TSIG key name>" }] list
Under also-notify, port should be optional (default 53) and key should be optional (default null)
This configuration should be allowed globally and per zone, with the latter taking precedence.
If there's a way to get this to work with the current version of bind10, would you please let me know. Otherwise I will await further development. Would you please let me know any other relevant ticket numbers. The current Xfrout configuration follows. Regards, Jeff.
> config show Xfrout
Xfrout/transfers_out 10 integer (default)
Xfrout/log_name "Xfrout" string (default)
Xfrout/log_file "/var/bind10-devel/log/Xfrout.log" string (default)
Xfrout/log_severity "debug" string (default)
Xfrout/log_versions 5 integer (default)
Xfrout/log_max_bytes 1048576 integer (default)
Xfrout/tsig_key_ring/ list
Xfrout/transfer_acl/ list
Xfrout/zone_config/ list
> config show Xfrout/tsig_key_ring
Xfrout/tsig_key_ring[0] "nsb0-nsb0s:<base64 key>:hmac-sha256" string
> config show Xfrout/transfer_acl
Xfrout/transfer_acl[0] {"action": "REJECT"} any
> config show Xfrout/zone_config
Xfrout/zone_config[0]/origin "jaspain.biz" string
Xfrout/zone_config[0]/class "IN" string (default)
Xfrout/zone_config[0]/transfer_acl/ list
Xfrout/zone_config[1]/origin "jaspain.info" string
Xfrout/zone_config[1]/class "IN" string (default)
Xfrout/zone_config[1]/transfer_acl/ list
Xfrout/zone_config[2]/origin "jaspain.net" string
Xfrout/zone_config[2]/class "IN" string (default)
Xfrout/zone_config[2]/transfer_acl/ list
Xfrout/zone_config[3]/origin "jaspain.us" string
Xfrout/zone_config[3]/class "IN" string (default)
Xfrout/zone_config[3]/transfer_acl/ list
Xfrout/zone_config[4]/origin "jspain.us" string
Xfrout/zone_config[4]/class "IN" string (default)
Xfrout/zone_config[4]/transfer_acl/ list
> config show Xfrout/zone_config[0]/transfer_acl
Xfrout/zone_config[0]/transfer_acl[0] {"action": "ACCEPT", "from": "2001:4870:20ca:158:383e:4365:e3fe:ef7e", "key": "nsb0-nsb0s"} any
Jeffry A. Spain
Network Administrator
Cincinnati Country Day School
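An added example, not part of the original message and not BIND 10 code: a sketch of how the proposed notify, notify-to-soa and also-notify options could resolve to a target list per zone, using the BIND 9 semantics the proposal refers to. The function name, the dictionary layout, the SOA MNAME and the key secret are assumptions made for illustration.

```python
import ipaddress

def notify_targets(global_cfg, zone_cfg, ns_names, soa_mname, key_ring, is_master=True):
    """Resolve who gets NOTIFY for one zone under the options proposed above."""
    def opt(name, default):
        # A per-zone setting takes precedence over the global one.
        return zone_cfg[name] if name in zone_cfg else global_cfg.get(name, default)

    def norm(host):
        return host.rstrip(".").lower()

    mode = opt("notify", "yes")
    if mode not in ("yes", "no", "master-only", "explicit"):
        raise ValueError(f"invalid notify mode: {mode!r}")
    if mode == "no" or (mode == "master-only" and not is_master):
        return []

    targets = []
    if mode != "explicit":
        # BIND 9 semantics: notify the zone's NS names, skipping the SOA MNAME
        # unless notify-to-soa is "yes".
        to_soa = opt("notify-to-soa", "no") == "yes"
        for host in ns_names:
            if to_soa or norm(host) != norm(soa_mname):
                targets.append({"name": norm(host), "port": 53, "key": None})

    # Key names come from tsig_key_ring entries of the form name:secret:algorithm.
    known_keys = {entry.split(":", 1)[0] for entry in key_ring}
    for item in opt("also-notify", []):
        addr = ipaddress.ip_address(item["address"])  # raises ValueError if malformed
        port = item.get("port", 53)                   # optional, default 53
        key = item.get("key")                         # optional, default None
        if not 0 < port < 65536:
            raise ValueError(f"invalid port: {port!r}")
        if key is not None and key not in known_keys:
            raise ValueError(f"TSIG key {key!r} is not in the key ring")
        targets.append({"address": str(addr), "port": port, "key": key})
    return targets

# Constructed sample input. The SOA MNAME and the key secret are placeholders.
KEY_RING = ["nsb0-nsb0s:PLACEHOLDERSECRET=:hmac-sha256"]
GLOBAL_CFG = {"notify": "yes"}
ZONE_CFG = {"notify": "explicit", "also-notify": [
    {"address": "2001:4870:20ca:158:383e:4365:e3fe:ef7e", "key": "nsb0-nsb0s"}]}
NS_NAMES = ["ns1.jaspain.net.", "ns2.jaspain.net."]
SOA_MNAME = "ns1.jaspain.net."

if __name__ == "__main__":
    print(notify_targets(GLOBAL_CFG, ZONE_CFG, NS_NAMES, SOA_MNAME, KEY_RING))
    print(notify_targets(GLOBAL_CFG, {}, NS_NAMES, SOA_MNAME, KEY_RING))
```

With "explicit" set on the zone, only the signing server receives the NOTIFY, and an also-notify entry naming a TSIG key that is absent from the key ring is rejected when the configuration is resolved.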