notify failed ?

Kevin Darcy kcd at daimlerchrysler.com
Wed Aug 29 22:44:14 UTC 2001 

Ole Braad-Sorensen wrote:

> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
> >> named[7445]: notify failed: not authoritative for notify zone
> >> (REFUSED)
> >>
> >> The message comes 3 times each hour, not matching any cron events!
> >>
> >> What's named trying to tell me :-)
> >
> >It appears that someone is trying to NOTIFY your server for a zone for
> >which is not authoritative.
>
> Ooppsss...   Lost you..!  Not an expert :-)
> I don't understand you and I don't understand the error messsage :-(
>
> Do you mean that (NOTIFY) someone "is asking my named for info" for a
> zone, not existing or what does it mean that the zone is not
> authoritative. ???

NOTIFY is sent from masters to slaves whenever the zone changes.

A slave considers itself authoritative for a zone if it is configured
properly as a slave for it, and it has successfully been transferring the
zone from the master.

It would appear that one of the following things is true: a) the nameserver
in question is not configured as a slave for the zone which is being
NOTIFY'ed, or b) it is configured as a slave, but something has gone wrong,
either a problem with zone transfers (like they are being interrupted
somehow, or the slave is having trouble writing the zone data into the file)
or no zone transfers at all (which means the slave will eventually expire
the zone).

>
>
> >Did you recently *stop* being a slave for
> >some zone or another? Maybe the NS records or "also-notify" for the zone
> >need to be update so as to remove your server.
>
> I have three zones, "soholm.com", "frilandsgris.com" and "obsdata.dk"
> and all are working fine, but mail to the "obsdata.dk" don't reach the
> mail server as the two others. Messages comes back with "obsdata.dk"
> not responding, but mail sent via my intranet is working fine.

If you query something in obsdata.dk, is the response authoritative? (With a
real lookup tool like "dig", look for the "aa" bit being set. With a sucky
lookup tool like "nslookup" look for whether the response is marked as
"non-authoritative". Note that to be sure you should repeat the query, since
the first response may have just been "passed through" from an authoritative
server with the AA bit intact, and thus may not prove that the local server
is actually answering authoritatively for the zone)


- Kevin

More information about the bind-users mailing list