notify - ixfr to interface alias problem

Alan Clegg alan at clegg.com
Thu Dec 6 13:06:43 UTC 2007


Rogan, Julian wrote:
> Hi,
> I am using bind 9.2.4 as received via a Redhat installation.
[standard disclaimer:  please upgrade if possible]

>  [...] we allocated new NIC alias IPs to our 3 central DNS servers.
> 
> I changed all zone files to use the new names and alias IPs as owner and
> NS records.
> I also changed all relevant config entries to refer to the new IP
> addresses. I also changed all zone definitions to use the new alias IP
> as the master location for updates.
> 
> Zone transfers down to the slaves occur if the slave file is not present
> and updates occur if the zone refresh time is reached.

Both of these occur when the slave initiates the transfer.  Do you allow
zone transfers from anywhere?  Since you have not provided the zone name
or any configuration, it's a bit difficult to tell.

> However, when a change is made to the master zone, I can see a notify
> request received in the log file but update of the slave does not occur.

Since you added additional interfaces, are you certain that the notify
is coming from an address that the slave considers an acceptable source?

Since BIND will, by default, send notify via any available interface,
I'm guessing that the IP address of the source of the notify is not
making the slave happy.

In each zone definition, or in the options section on the master, you
may need to specify:

    notify-source ADDRESS [port PORT];

to force BIND to send the notify from the given ADDRESS (and optionally
PORT).

If that does not help, I'd recommend getting a packet dump on both
master and slave when a notify is being sent and seeing if there is
traffic on other interfaces (or addresses) that you are not expecting.

AlanC
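
Added example, not part of the original message and not BIND project code: a Python check to run over the slave's log before reaching for a packet dump. It counts refused NOTIFYs per zone and source address, and flags sources that belong to the master host but are not the address the slave has configured as master. The log text, zone names and addresses are constructed, and the "refused notify from non-master" wording is assumed to match what your BIND version logs.

```python
import re
from collections import Counter

# Assumption: the slave logs refused NOTIFYs with this wording; confirm
# against the log of the BIND version actually in use.
REFUSED = re.compile(
    r"zone (?P<zone>[^/\s]+)/\w+(?:/\S+)?: "
    r"refused notify from non-master: (?P<src>\S+)#\d+")

def refused_sources(log_text):
    """Count refused NOTIFYs per (zone, source address)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            hits[(m["zone"], m["src"])] += 1
    return hits

def diagnose(log_text, configured_masters, master_host_addrs):
    """Classify each refused source address.

    configured_masters: addresses in the slave's masters list.
    master_host_addrs:  every address bound on the master host, aliases included.
    """
    findings = []
    for (zone, src), count in sorted(refused_sources(log_text).items()):
        if src in master_host_addrs and src not in configured_masters:
            verdict = "master's other address: set notify-source on the master"
        else:
            verdict = "not a known master address: investigate the sender"
        findings.append((zone, src, count, verdict))
    return findings

# Constructed sample log from a slave; all addresses are documentation ranges.
SAMPLE_LOG = """\
06-Dec-2007 12:58:01.100 zone example.com/IN: refused notify from non-master: 192.0.2.10#32771
06-Dec-2007 12:58:01.600 zone example.com/IN: refused notify from non-master: 192.0.2.10#32771
06-Dec-2007 13:01:44.020 zone example.org/IN: refused notify from non-master: 192.0.2.10#32771
06-Dec-2007 13:05:12.310 zone example.net/IN: refused notify from non-master: 198.51.100.77#4242
06-Dec-2007 13:06:00.000 zone example.com/IN: transferred serial 2007120601
"""

if __name__ == "__main__":
    # Hypothetical layout: 192.0.2.53 is the new alias the slave lists as
    # master, 192.0.2.10 is the master host's primary interface address.
    for row in diagnose(SAMPLE_LOG, {"192.0.2.53"}, {"192.0.2.10", "192.0.2.53"}):
        print(*row, sep="  ")
```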
