How to *require* TSIG for NOTIFY
Jesus Cea
jcea at jcea.es
Tue Nov 15 02:43:41 UTC 2022
On 15/11/22 3:30, Mark Andrews wrote:
> NOTIFY is a hint for the secondary to perform a SOA refresh query sooner than the SOA query triggered by REFRESH and RETRY. Those queries are rate limited. Additionally multiple notify messages often coalesce
> into one action as the server is waiting to send or is waiting for responses when they arrive.
I understand. I interpret your words as "even if you are getting fake
notifies, the cost is quite small". That is nice.I am being possibly too
paranoid.
> While I don’t see the need, adding an 'allow-notify-explicit <bool>;’ could be added to ignore the primaries
> list and only use the allow-notify acl.
Could you possibly send me an URL documenting 'allow-notify-explicit'
clause?. I am not able to find anything relevant online. I don't ever
see anything related in 9.16.34 source code:
"""
jcea at jcea:/tmp/ram/bind-9.16.34$ find . -name "*.c" -exec grep -i
"allow-notify-" {} \; -print
"""
Thanks!
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
jcea at jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
More information about the bind-users
mailing list