Questions about BIND and NOTIFY

Cricket Liu cricket at menandmice.com
Thu Aug 15 20:39:40 UTC 2002


> I have some questions about RFC 1996 (NOTIFY) and BIND.  The RFC has
> 
> >   2.1. The following definitions are used in this document:
> >
> >   Slave           an authoritative server which uses zone transfer to
> >                   retrieve the zone.  All slave servers are named in
> >                   the NS RRs for the zone.
> >
> >   Master          any authoritative server configured to be the source
> >                   of zone transfer for one or more slave servers.
> >
> >   Primary Master  master server at the root of the zone transfer
> >                   dependency graph.  The primary master is named in the
> >                   zone's SOA MNAME field and optionally by an NS RR.
> >                   There is by definition only one primary master server
> >                   per zone.
> 
> For a given zone, if I have a "Primary Master" and four "Slave"
> servers, are all of these five servers considered "Master" by the
> above definition?

No.  One is the primary master and the other four are slaves.  If one
of the slaves used another slave as the source of its zone transfers,
the slave serving the zone transfers would also be a master.

> My reading of the RFC implies that each slave, after it has reloaded a
> zone, will send a NOTIFY packet to all of the other slaves (as listed
> in the zone's NS records).  The RFC has
> 
> >  3.10. If a slave receives a NOTIFY request from a host that is not a
> >  known master for the zone containing the QNAME, it should ignore the
> >  request and produce an error message in its operations log.
> 
> For the NOTIFY to work, this would imply that each of the slaves is a
> "Master" according to the definitions in 2.1.

No, this is simply a precaution to ensure that a slave only accepts NOTIFY
messages from its master for the zone.

A slave only sends NOTIFY messages because it might have other slaves
using it as a master name server, and those slaves, according to 3.10,
won't accept a NOTIFY message from a name server other than their
master.  If your slaves aren't used as masters, turn off NOTIFY on those
name servers.

> I am seeing with a BIND 8.2.5-REL slave this -- the slave does a zone
> transfer from the master and sends NOTIFY packets to the other slaves.
> Two of the slaves are on-site and two are off-site.  The two off-site
> slaves do not act on the NOTIFY packet; they do not transfer the updated
> zone from the master.  And I am trying to determine why.  One of the
> off-site masters is BIND 9; I do not know if the other one is BIND 8
> or BIND 9.

Unless those offsite slaves are configured to use the slave that sent the
NOTIFY messages as a master, they're correctly ignoring the NOTIFY
messages.  Their master should send them NOTIFY messages, which
they should accept.

cricket

Men & Mice
DNS Software, Training and Consulting
www.menandmice.com

Attend our next DNS and BIND class!  See
http://www.menandmice.com/DNS-training/
for the schedule and to register for upcoming classes
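
The NOTIFY behaviour discussed in this message, modelled as an added example that is not part of the original post and is not BIND code. The server names, the masters lists and the set of servers with NOTIFY enabled are constructed placeholders. Excluding the sender from its own notify set is an assumption of the model.

```python
# Added illustration, not BIND code. Server names are constructed placeholders.
NS_SET = {"primary", "slave1", "slave2", "offsite1", "offsite2"}  # zone's NS RRs
MNAME = "primary"                                                 # SOA MNAME

# Each slave's configured masters for the zone (its zone-transfer sources).
MASTERS = {
    "slave1": {"primary"},
    "slave2": {"primary"},
    "offsite1": {"primary"},
    "offsite2": {"primary"},
}
NOTIFY_ON = {"primary", "slave1"}  # servers that send NOTIFY after loading the zone


def notify_targets(sender):
    """RFC 1996 default Notify Set: NS-listed servers except the SOA MNAME host.
    The sender is also excluded so it does not notify itself (assumption)."""
    if sender not in NOTIFY_ON:
        return set()
    return NS_SET - {sender, MNAME}


def handle_notify(receiver, sender):
    """RFC 1996 section 3.10: act only on NOTIFY from a known master."""
    if sender in MASTERS.get(receiver, set()):
        return "refresh"  # check the master's SOA serial, transfer if newer
    return "ignored"      # log an error, take no other action


def propagate(sender):
    """Outcome at every server the sender notifies."""
    return {r: handle_notify(r, sender) for r in sorted(notify_targets(sender))}


def is_master(server):
    """A server is a master if some slave uses it as a zone-transfer source."""
    return any(server in sources for sources in MASTERS.values())


def needless_notifiers():
    """Slaves with NOTIFY on that no one transfers from: candidates for notify off."""
    return sorted(s for s in NOTIFY_ON if s != MNAME and not is_master(s))


if __name__ == "__main__":
    print(propagate("primary"))
    print(propagate("slave1"))
    print(needless_notifiers())
```

Pointing one slave's masters list at `slave1` turns `slave1` into a master for that slave, and its NOTIFY is then accepted there.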


