bind NOTIFY protocol

Kevin Darcy kcd at daimlerchrysler.com
Fri Dec 22 00:26:20 UTC 2000


Jim Reid wrote:

> >>>>> "Chuck" == Chuck Scott <chuck at opendesign.com> writes:
>
>     Chuck> I was curious if anyone was familiar with the NOTIFY
>     Chuck> protocol and how the master sends out a NOTIFY request to
>     Chuck> all the slaves.  Specifically, I am curious on how the
>     Chuck> master is able to determine who the slaves are (i.e. NS
>     Chuck> records defined in its zone configuration files) or does it
>     Chuck> keep record of previously initiated zone-xfers from the
>     Chuck> slaves?
>
> NOTIFY messages are sent to the addresses of zone's NS records. A name
> server can be configured to send them to other addresses too: see the
> also-notify clause in BIND[89]. Keeping track of previous zone xfers
> is not wise: how can the server tell the difference between a slave
> server's axfr request and some random user just making an axfr with
> dig or nslookup?

Indeed. Which is why the NOTIFY protocol needs to be enhanced. Stealth
slaves should be sending an OPTION in their SOA queries which means "I'm
really a slave and I want to be notified if the serial number changes".

> Think of the fun - denial of service attacks - if the
> server had to keep track of the source address of every axfr request
> it got.

If that were to ever become a problem, maybe a configurable option could
be added which would only send NOTIFYs to the sources of SOA queries
which were authenticated with a particular key or set of keys. That would
still simplify the maintenance of stealth slaves without creating any
significant new DoS exposure.


- Kevin
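The target-selection rule discussed in this thread (NS RRset, minus the master itself, plus whatever the operator lists in also-notify), as an added example that is not part of the original post; the zone data and addresses are constructed, and the MNAME exclusion follows RFC 1996 rather than any particular BIND release.

```python
"""Added example (not from the thread): compute the set of addresses a
master sends NOTIFY to. Stealth slaves are absent from the NS RRset, so
they only appear here if the operator lists them in also-notify; a slave
that merely performed an AXFR earlier is never added, which is the
tracking behaviour the thread argues against."""

# Constructed zone: the SOA MNAME names the master, three NS records,
# and the addresses the master knows for those names (glue or cached).
ZONE = {
    "soa_mname": "ns1.example.test.",
    "ns": ["ns1.example.test.", "ns2.example.test.", "ns3.example.test."],
    "addresses": {
        "ns1.example.test.": ["192.0.2.1"],
        "ns2.example.test.": ["192.0.2.2"],
        "ns3.example.test.": ["192.0.2.3", "198.51.100.3"],
    },
}


def notify_targets(zone, also_notify=(), notify_explicit=False):
    """Return the sorted list of addresses that receive a NOTIFY.

    - NS RRset minus the SOA MNAME (RFC 1996: a master does not notify
      itself).
    - also_notify: extra addresses the operator configured, e.g. stealth
      slaves that deliberately have no NS record.
    - notify_explicit: if True, only also_notify is used (the behaviour of
      BIND 9's 'notify explicit').
    """
    targets = set()
    if not notify_explicit:
        for name in zone["ns"]:
            if name == zone["soa_mname"]:
                continue  # the master itself
            targets.update(zone["addresses"].get(name, []))
    targets.update(also_notify)
    return sorted(targets)


if __name__ == "__main__":
    # 203.0.113.9 is a constructed stealth slave with no NS record.
    print("NS-derived only:", notify_targets(ZONE))
    print("with also-notify:", notify_targets(ZONE, ["203.0.113.9"]))
    print("notify explicit:", notify_targets(ZONE, ["203.0.113.9"], True))
```

The stealth slave's address shows up in the second and third lists only because it was configured, never because it transferred the zone before.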