Notify and Zone Transfers in BIND 9.2.1

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 26 22:23:29 UTC 2002


"Paul W. Stoecker, Ph.D." wrote:

> Folks,
>
> I hope you can help out on providing some information:
>
> In BIND 8 if UDP 53 was blocked, we would get the ERR/TO message, but
> the zone would transfer.  That is, it appears that even with the Notify
> being blocked, named-xfer would take over using TCP.
>
> In BIND 9.2.1 it seems that this behaviour has changed.  I see the
> Notify going out over UDP 53, but it is blocked.  The BIND 9.2.1 never
> transfers the zone.  It doesn't seem to switch to using TCP notify.
> RFC 1996 even suggests that it should use TCP if UDP is blocked for
> notify.  Is there something different in BIND 9.2.1 that causes it to
> just never transfer the zone?  Any way I can make a configuration
> change to either ignore using notify, or force the zone transfer?

Paul,
        I'm a little confused by your message. NOTIFY is nothing more
than an optimization. Even if you turn NOTIFY completely off, zones
should still be transferred, albeit more slowly (in the absence of
NOTIFY, the frequency of replication is controlled by the REFRESH field
of the zone's SOA record). So, if you have a firewall rule set up that
blocks NOTIFY *and* you have the situation of zones *never* transferring,
those are two different problems with possibly a common root cause,
rather than one problem which is dependent on another.

To answer your question about forcing zone transfers, you could either
a) delete the file on the slave and reload/restart that nameserver
instance, or b) send a "refresh {zone}" command to the slave via rndc.


- Kevin
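The check a practitioner would run before and after Kevin's option (b), as an added example that is not part of the original thread and not BIND's own tooling: compare the SOA serial the master and the slave each report for the zone, and if the slave is behind, send it "rndc refresh". It assumes BIND's dig and rndc are installed on the host running it, that rndc has a key the slave accepts, and the zone and hostnames in the usage line are placeholders. The serial comparison uses RFC 1982 wrapping arithmetic rather than a plain numeric compare, so it also handles serials that have wrapped.

```shell
#!/bin/sh
# Added example, not code from the original thread or from BIND itself.
# Compares the SOA serial a master and a slave report for a zone and, if
# the slave is behind, forces a refresh on it with rndc.
# Assumptions: dig and rndc are installed here, rndc is configured with a
# key the slave accepts, and the zone/hostnames passed in are placeholders.

# Pull the serial (third rdata field) out of `dig +short SOA` output such as
# "ns1.example.com. hostmaster.example.com. 2002112601 3600 900 604800 86400".
soa_serial() {
    printf '%s\n' "$1" | awk '{ print $3 }'
}

# RFC 1982 serial comparison: true (exit 0) when $1 is "less than" $2 in the
# wrapping 32-bit serial space, so a serial that has wrapped past 4294967295
# still compares as newer. Exactly 2^31 apart is undefined and reported false.
serial_lt() {
    i1=$1; i2=$2
    [ $(( (i1 < i2 && i2 - i1 < 2147483648) || (i1 > i2 && i1 - i2 > 2147483648) )) -eq 1 ]
}

# Prints "behind" if the slave serial is older than the master's, "ahead"
# if it is newer (a stale or misconfigured master), "in-sync" otherwise.
compare_serials() {
    master=$1; slave=$2
    if serial_lt "$slave" "$master"; then
        echo behind
    elif serial_lt "$master" "$slave"; then
        echo ahead
    else
        echo in-sync
    fi
}

# Query both servers over TCP (the transport AXFR/IXFR use, and the one the
# poster's firewall still permits), compare, and refresh the slave if needed.
check_zone() {
    zone=$1; master_ns=$2; slave_ns=$3
    m=$(soa_serial "$(dig +short +tcp @"$master_ns" "$zone" SOA)")
    s=$(soa_serial "$(dig +short +tcp @"$slave_ns" "$zone" SOA)")
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo "could not read SOA from both servers (master='$m' slave='$s')" >&2
        return 2
    fi
    state=$(compare_serials "$m" "$s")
    echo "$zone: master serial $m, slave serial $s, slave is $state"
    if [ "$state" = behind ]; then
        # Kevin's option (b): ask the slave to check the master's SOA now
        # instead of waiting for the SOA REFRESH interval to expire.
        rndc -s "$slave_ns" refresh "$zone"
    fi
}

# Usage: sh check-zone.sh example.com ns1.example.com ns2.example.com
if [ $# -eq 3 ]; then
    check_zone "$@"
fi
```

If the same dig query without +tcp times out while the +tcp one succeeds, the firewall is dropping ordinary UDP queries to port 53 as well, not only NOTIFY; that is worth confirming separately, because it changes which rule needs fixing.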