also-notify and allow-notify

Warren Kumari warren at kumari.net
Fri May 18 07:53:51 UTC 2018


On Fri, May 18, 2018 at 9:41 AM Blason R <blason16 at gmail.com> wrote:

> Hi there,

> Thanks for the update and here is my config and error I am getting. Can you please suggest the correct method that should be implemented?


I believe (but don't have a machine to confirm on) that the syntax should
be:

also-notify { 192.168.5.49 port 4444;};

(note the lack of semicolon between the IP and "port 4444")

W


> **************************
> zone "malware.trap" {
>          type master;
>          file "/var/lib/bind/zones/malware.trap.db";
>          notify explicit;
>          also-notify { 192.168.5.49; port 4444;};
>          allow-transfer {192.168.5.49; };
>          allow-query { localhost;};
>          };

> zone "whitelist.allow" {
>          type master;
>          file "/var/lib/bind/zones/whitelist.allow";
>          notify explicit;
>          also-notify { 192.168.5.49; port 4444;};
>          allow-transfer {192.168.5.49; };
>          allow-query { localhost;};
>          };

> zone "block.tld" {
>          type master;
>          file "/var/lib/bind/zones/block.tld.db";
>          notify explicit;
>          also-notify { 192.168.5.49; port 4444;};
>          allow-transfer {192.168.5.49; };
>          allow-query { localhost;};
>          };

> **********************************



> May 18 13:04:42 dnsfw named[1134]: using up to 4096 sockets
> May 18 13:04:45 dnsfw named[1134]: loading configuration from '/etc/bind/named.conf'
> May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:34: missing ';' before '4444'
> May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:43: missing ';' before '4444'
> May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:52: missing ';' before '4444'
> May 18 13:04:46 dnsfw systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> May 18 13:04:46 dnsfw rndc[1313]: rndc: connect failed: 127.0.0.1#953: connection refused
> May 18 13:04:46 dnsfw systemd[1]: bind9.service: Control process exited, code=exited status=1


> On Fri, May 18, 2018 at 12:08 AM, Matthew Pounsett <matt at conundrum.com> wrote:



>> On 17 May 2018 at 13:30, Blason R <blason16 at gmail.com> wrote:

>>> Hi,

>>> I have RPZ installed on a server and it's acting as a master server, but somehow the port setting is not working on the master.

>> [...]


>>> So here I am sending notification to 192.168.5.49 on port 4545; my queries are:

>>> How do I configure port 4545 on the slave so that the slave server can start listening on that port?


>> Your slave needs to be listening on the correct IP/port to receive the NOTIFY.  In the current BIND Administrator's Reference Manual[0], the discussion on Interfaces starts at page 98.


>>> And my master is failing after restarting the services due to the notify-them statement.


>> You don't indicate what the error is, but I'm willing to bet it's the fact that you're trying to specify a masters list by name as well as a port.  If you look at the 'also-notify' statement definition, you can see that you're able to use a 'masters' list OR an IP address and port combination, but not both (ARM pp. 71).  You should specify the port number as part of the definition of the masters list, not where you use the masters list.

>> [0]: <https://www.isc.org/bind-9-11-arm/>






-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
    ---maf
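The syntax discussed in this thread, written out as a matching primary/secondary pair (an added example, not config from any of the posters): the primary carries the port inside a masters list, as Matthew suggests, and the secondary listens on that port so the NOTIFY can arrive. 192.168.5.49 and port 4444 come from the thread; the primary address 192.168.5.10, the list name rpz-secondaries and the zone file path on the secondary are constructed placeholders.

```conf
// --- Primary side (the "master" in the thread): named.conf ---

// Putting the port in the masters list means every zone that references
// the list picks it up, with no "port" keyword at the point of use.
masters rpz-secondaries {
    192.168.5.49 port 4444;
};

zone "malware.trap" {
    type master;
    file "/var/lib/bind/zones/malware.trap.db";
    notify explicit;                     // send NOTIFY only to the also-notify targets
    also-notify { rpz-secondaries; };    // by list name; port comes from the list
    // Inline equivalent, no ';' between address and port:
    // also-notify { 192.168.5.49 port 4444; };
    allow-transfer { 192.168.5.49; };    // only the secondary may AXFR/IXFR
    allow-query { localhost; };
};

// --- Secondary side: named.conf on 192.168.5.49 ---

options {
    // named must be bound to the port the NOTIFY is sent to; a second
    // listen-on statement can be added for port 53 if it also serves clients.
    listen-on port 4444 { 192.168.5.49; };
};

zone "malware.trap" {
    type slave;
    file "/var/cache/bind/malware.trap.db";   // placeholder path
    masters { 192.168.5.10; };               // placeholder primary, default port 53
    // NOTIFY from hosts in 'masters' is already accepted; allow-notify is for
    // any extra hosts permitted to trigger a refresh of this zone.
    allow-notify { 192.168.5.10; };
};
```

Run `named-checkconf` on each side after editing; the "missing ';' before '4444'" error in the log above is exactly the class of mistake it catches before named is restarted.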

