unable to suppress the notify from slave back to the master
craig at constantine.name
Fri Apr 4 15:15:07 UTC 2008

Greetings all; does anyone have any thoughts on this... Thanks for your time!

Problem: I have a slave Bind which sends a notify back to the master, which the
master rightly refuses. I'm trying to suppress this slave-towards-master
notify. The slave already has the global 'notify no' option; I even tried
'notify no' and 'notify explicit' within the zone. Also, there are many, many
zones so I'd rather not have to put 'notify no' into each zone, when a global
'notify no' should do it. At this point, I suspect I'm fundamentally
misunderstanding what's going on... maybe this isn't a 'notify' problem at all.
:)

Background:
These are two Bind 9.4.1-P1 servers on separate Linux systems. In the logs
below, I've substituted PRIMARY, PRIMARY_IP, SECONDARY, and SECONDARY_IP for
hostnames and IPs. Both Binds use views, and use TSIG to identify each other.
When I change a zone on the master, it correctly notifies the slave. The slave
initiates a zone transfer using TSIG and retrieves the correct view.

Excerpts from the Primary's config...

view internal_view {
    allow-transfer {
        key "intview."; // TSIG!
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "zones/0/0.0.10.in-addr.arpa.int";
        allow-query { internal_ips; };
    };
};

Excerpts from the Secondary's config...

options {
    notify no;
};
view internal_view {
    server PRIMARY_IP {
        keys { "intview."; }; // TSIG!
    };
    zone "0.0.10.in-addr.arpa" {
        type slave;
        masters { PRIMARY_IP; };
        file "zones/0/0.0.10.in-addr.arpa.int";
        allow-query { internal_ips; };
    };
};

Logs (via syslog) follow with my commentary interspersed...
Apr 4 10:27:27 PRIMARY named[4086]: general: info: zone
0.0.10.in-addr.arpa/IN/internal_view: loaded serial 2008040502
Apr 4 10:27:27 PRIMARY named[4086]: notify: info: zone
0.0.10.in-addr.arpa/IN/internal_view: sending notifies (serial 2008040502)
Apr 4 10:27:27 SECONDARY named[2453]: notify: info: client PRIMARY_IP#32876:
view internal_view: received notify for zone '0.0.10.in-addr.arpa': TSIG
'intview'
-- so on the master, I had updated the zone serial and issued
-- a reload via rndc and the secondary sees the notify.
Apr 4 10:27:27 SECONDARY named[2453]: general: info: zone
0.0.10.in-addr.arpa/IN/internal_view: refresh: unexpected rcode (REFUSED) from
master PRIMARY_IP#53 (source SECONDARY_IP#0)
-- did the slave just try to send a notify to the master??
Apr 4 10:27:27 SECONDARY named[2453]: general: info: zone
0.0.10.in-addr.arpa/IN/internal_view: Transfer started.
Apr 4 10:27:27 SECONDARY named[2453]: xfer-in: info: transfer of
'0.0.10.in-addr.arpa/IN/internal_view' from PRIMARY_IP#53: connected using
SECONDARY_IP#45059
Apr 4 10:27:27 PRIMARY named[4086]: xfer-out: info: client SECONDARY_IP#45059:
view internal_view: transfer of '0.0.10.in-addr.arpa/IN': AXFR-style IXFR
started: TSIG intview
Apr 4 10:27:27 SECONDARY named[2453]: xfer-in: info: transfer of
'0.0.10.in-addr.arpa/IN/internal_view' from PRIMARY_IP#53: end of transfer
Apr 4 10:27:27 PRIMARY named[4086]: xfer-out: info: client SECONDARY_IP#45059:
view internal_view: transfer of '0.0.10.in-addr.arpa/IN': AXFR-style IXFR ended
Apr 4 10:27:27 SECONDARY named[2453]: general: info: zone
0.0.10.in-addr.arpa/IN/internal_view: transferred serial 2008040502: TSIG
'intview'
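
Added example, not part of the original post: a small Python triage of four of the log entries above (unwrapped to one per line, with the post's placeholders kept) that labels each entry by named's logging category and message text and counts which hosts logged outgoing notifies. The function names and labels are this example's own.

```python
import re
from collections import Counter

# Four entries from the post's log, unwrapped to one per line (placeholders kept).
SAMPLE = """\
Apr 4 10:27:27 PRIMARY named[4086]: notify: info: zone 0.0.10.in-addr.arpa/IN/internal_view: sending notifies (serial 2008040502)
Apr 4 10:27:27 SECONDARY named[2453]: notify: info: client PRIMARY_IP#32876: view internal_view: received notify for zone '0.0.10.in-addr.arpa': TSIG 'intview'
Apr 4 10:27:27 SECONDARY named[2453]: general: info: zone 0.0.10.in-addr.arpa/IN/internal_view: refresh: unexpected rcode (REFUSED) from master PRIMARY_IP#53 (source SECONDARY_IP#0)
Apr 4 10:27:27 SECONDARY named[2453]: xfer-in: info: transfer of '0.0.10.in-addr.arpa/IN/internal_view' from PRIMARY_IP#53: end of transfer
"""

# syslog prefix, then named's "category: severity: message" layout seen in the post.
ENTRY = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\snamed\[\d+\]:\s"
    r"(?P<category>[\w-]+):\s(?P<severity>\w+):\s(?P<msg>.*)$"
)

def parse(text):
    """Return one dict per matching entry; lines in another layout are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]

def classify(entry):
    """Label an entry from its logging category and message text."""
    cat, msg = entry["category"], entry["msg"]
    if cat == "notify":
        if "sending notifies" in msg:
            return "notify-sent"
        return "notify-received" if "received notify" in msg else "notify-other"
    if "refresh:" in msg:
        # Logged under 'general' with a 'refresh:' prefix, not under 'notify'.
        rcode = re.search(r"unexpected rcode \((\w+)\)", msg)
        return "refresh-" + (rcode.group(1).lower() if rcode else "other")
    if cat in ("xfer-in", "xfer-out"):
        return "transfer"
    return "other"

def notifies_sent_by(text):
    """Count outgoing-notify entries per logging host."""
    return dict(Counter(e["host"] for e in parse(text) if classify(e) == "notify-sent"))

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(f'{e["host"]:<10} {e["category"]:<8} {classify(e)}')
    print("hosts that logged outgoing notifies:", notifies_sent_by(SAMPLE))
```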