Notify and Zone Transfers in BIND 9.2.1
Mark_Andrews at isc.org
Tue Nov 26 22:39:24 UTC 2002
>
> Folks,
>
> I hope you can help out on providing some information:
>
> In BIND 8 if UDP 53 was blocked, we would get the ERR/TO message, but
> the zone would transfer. That is it appears that even with the Notify
> being blocked, named-xfer would take over using TCP.
>
> In BIND 9.2.1 it seems that this behaviour has changed. I see the
> Notify going out over UDP 53, but it is blocked. The BIND 9.2.1 never
> transfers the zone. It doesn't seem to switch to using TCP notify.
> RFC 1996 even suggests that it should use TCP if UDP is blocked for
> notify. Is there something different in BIND 9.2.1 that causes it to
> just never transfer the zone? Any way I can make a configuration
> change to either ignore using notify, or force the zone transfer?
>
> Thanks,
>
> Paul
> stoeckp at research.panasonic.com

Well ERR/TO comes from the refresh query (not the NOTIFY).
BIND 8 would try the zone transfer if it got no response to
the refresh query.

BIND 9 doesn't do this. Except for misconfigured firewalls,
this is a waste of resources to do this. I suggest that you
open up your firewall to allow the refresh queries in and the
answers out.

Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
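
The refresh step discussed in this thread, as an added example (not code from BIND or from either poster): a secondary sends an SOA query over UDP, compares the returned serial with its own, and only then decides on a zone transfer. The zone example.com, the function names and the sample reply are assumptions constructed for illustration; response=None models the firewall dropping the query or its answer.

```python
import struct

def build_soa_query(zone, qid=0x1234):
    """Wire format of the UDP refresh query: QTYPE=SOA (6), QCLASS=IN (1)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", 6, 1)

def skip_name(msg, off):
    """Offset just past a domain name, which may end in a compression pointer."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def soa_serial(msg, qid):
    """SOA serial from the answer section; None if the reply is unusable."""
    try:
        rid, flags, qd, an = struct.unpack("!4H", msg[:8])
        if rid != qid or not flags & 0x8000 or flags & 0x000F:
            return None                      # wrong ID, not a response, or RCODE != 0
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4    # QTYPE + QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 6:
                p = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
                return struct.unpack("!I", msg[p:p + 4])[0]
            off += rdlen
    except (IndexError, struct.error):
        pass                                 # truncated or malformed packet
    return None

def serial_newer(primary, local):
    """RFC 1982 serial comparison on 32-bit SOA serials."""
    return 0 < ((primary - local) & 0xFFFFFFFF) < 0x80000000

def refresh_decision(response, qid, local_serial):
    """response=None models the firewall dropping the query or its answer."""
    serial = None if response is None else soa_serial(response, qid)
    if serial is None:
        return "no-answer: retry later, no transfer"
    return "transfer" if serial_newer(serial, local_serial) else "up-to-date"

def sample_response(serial, qid=0x1234):
    """Constructed reply for example.com (sample data, not captured traffic)."""
    rdata = b"\x03ns1\xc0\x0c\x0ahostmaster\xc0\x0c" + struct.pack("!5I", serial, 3600, 600, 86400, 300)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!6H", qid, 0x8400, 1, 1, 0, 0) + build_soa_query("example.com")[12:] + rr
```

The "no-answer" branch follows the BIND 9 behaviour described in the reply above; the BIND 8 behaviour described there would instead attempt the transfer at that point.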