bind NOTIFY protocol
Kevin Darcy
kcd at daimlerchrysler.com
Fri Dec 22 00:26:20 UTC 2000
Jim Reid wrote:
> >>>>> "Chuck" == Chuck Scott <chuck at opendesign.com> writes:
>
> Chuck> I was curious if anyone was familiar with the NOTIFY
> Chuck> protocol and how the master sends out a NOTIFY request to
> Chuck> all the slaves. Specifically, I am curious on how the
> Chuck> master is able to determine who the slaves are (i.e. NS
> Chuck> records defined in its zone configuration files) or does it
> Chuck> keep record of previously initiated zone-xfers from the
> Chuck> slaves?
>
> NOTIFY messages are sent to the addresses of the zone's NS records. A name
> server can be configured to send them to other addresses too: see the
> also-notify clause in BIND[89]. Keeping track of previous zone xfers
> is not wise: how can the server tell the difference between a slave
> server's axfr request and some random user just making an axfr with
> dig or nslookup?
Indeed. Which is why the NOTIFY protocol needs to be enhanced. Stealth
slaves should be sending an OPTION in their SOA queries which means "I'm
really a slave and I want to be notified if the serial number changes".
> Think of the fun - denial of service attacks - if the
> server had to keep track of the source address of every axfr request
> it got.
If that were to ever become a problem, maybe a configurable option could
be added which would only send NOTIFYs to the sources of SOA queries
which were authenticated with a particular key or set of keys. That would
still simplify the maintenance of stealth slaves without creating any
significant new DoS exposure.
- Kevin
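Added example, not part of the thread or of BIND itself: how a master derives its NOTIFY target list from the zone's NS RRset plus an also-notify list (the mechanism Jim describes), and what the RFC 1996 NOTIFY request looks like on the wire. Zone name, server names and addresses are constructed placeholders.

```python
"""Added example (not from the thread): how a master builds its NOTIFY
target list from the zone's NS records plus an also-notify list, and
what the RFC 1996 NOTIFY request itself looks like on the wire."""
import struct

# Constructed sample zone: names and addresses are placeholders only.
ZONE = "example.test."
MASTER_NAME = "ns1.example.test."
NS_RRSET = ["ns1.example.test.", "ns2.example.test.", "ns3.example.test."]
ADDRESSES = {  # glue / resolved A records for the NS names (constructed)
    "ns1.example.test.": "192.0.2.1",
    "ns2.example.test.": "192.0.2.2",
    "ns3.example.test.": "192.0.2.3",
}
ALSO_NOTIFY = ["192.0.2.2", "198.51.100.7"]  # 198.51.100.7: stealth slave, no NS record


def notify_targets(ns_names, addresses, also_notify, self_name):
    """Addresses of the NS records (minus the master itself) plus the
    also-notify list, deduplicated and in a stable order."""
    targets = []
    for name in ns_names:
        if name == self_name:
            continue  # a master never notifies itself
        addr = addresses.get(name)
        if addr and addr not in targets:
            targets.append(addr)
    for addr in also_notify:  # stealth slaves only reachable via also-notify
        if addr not in targets:
            targets.append(addr)
    return targets


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_notify(zone, msg_id=0x1234):
    """RFC 1996 NOTIFY request: OPCODE=4, AA=1, QR=0, one SOA/IN question."""
    flags = (4 << 11) | (1 << 10)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)  # QDCOUNT=1
    question = encode_name(zone) + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN
    return header + question


if __name__ == "__main__":
    print(notify_targets(NS_RRSET, ADDRESSES, ALSO_NOTIFY, MASTER_NAME))
    print(build_notify(ZONE).hex())
```

A receiving slave answers with the same header (QR=1) and then checks the master's SOA serial itself; the NOTIFY only tells it to look.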