NOTIFY and Zone Reload.

Jeff Reasoner jeff.reasoner at mail.hccanet.org
Tue Feb 12 19:44:28 UTC 2008


This issue comes up frequently. Creative googling and/or searching the
list archives should provide other ways to do this as well. TSIG is
mentioned frequently. Some past posts including config examples are:

http://marc.info/?l=bind-users&m=111841272927117&w=2

http://marc.info/?l=bind-users&m=113889764531866&w=2

http://marc.info/?l=bind-users&m=119817309930064&w=2

also-notify {} and allow-notify {} are your friends here.

Basically, the issue is that NOTIFY also matches the ACL and bind by
default only sends the NOTIFY to the nameservers listed in the
zonefiles. In my case, when I ran views, I had only 1 NIC, so I simply
added an additional secondary IP address on a different subnet on each
server and used those as the source IP for NOTIFY in the second view.
You could surely use a similar config with 2 NICs.

Also, many config examples are from pre-9.4 servers, so you will need to
include correct allow-recursion {}, allow-query {}, and
allow-query-cache {} statements in your internal view to provide
recursive service.


On Tue, 2008-02-12 at 18:23 +0100, vincent.blondel at ing.be wrote:
> Hello,
> 
> I just finished configuring my SunOS 5.8 sparc server with ISC BIND
> 9.4.1-P1 (dmz server). It is running fine except that I noticed what I
> called a strange behaviour.
> 
> All these servers have two network interfaces, one listening on the
> Internet, the other one listening on the internal network. So I created
> two views, the first one "External" getting requests from Internet users
> and the other one "Internal" getting requests coming from our internal
> network.
> 
> The internal view also receives NOTIFY from another server located on the
> internal network, and this is exactly where I get the strange behaviour.
> When I update the zone on my internal server, I then reload the process
> and a NOTIFY is sent to my dmz server. Another detail: I have just one
> copy of each zone on the hard drive of the dmz server. This means each
> zone is loaded in the internal view and a second time in the external
> view.
> 
> After the record update, I query my dmz server from the internal view: the
> record is updated, but if I run this same query from the external view,
> the record is not updated.
> 
> So in conclusion, it seems the NOTIFY just reloads the memory space
> corresponding to the view where the NOTIFY packet comes from.
> 
> My question:
> 
> What can I do to reload this same zone on the entire process (in other
> words, for all views, including the zone file) when I send a NOTIFY
> message from the internal view?
> 
> Regards
> Vincent
-- 
Jeff Reasoner
HCCA
513 728-7902 voice
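The layout Jeff describes above, written out as an added named.conf fragment; this is not configuration from the original thread or from either poster. It assumes the extra alias address is already configured on the dmz host's internal interface, uses constructed RFC 5737 addresses and the zone name example.com, and gives each view its own slave file so the two views never write the same file. The chain it sets up: the internal master's NOTIFY refreshes the internal view's copy, that view then sends its own NOTIFY from the alias address (which the internal ACL does not cover) to the Internet-facing address, and the external view accepts that NOTIFY and refreshes its copy from the master.

```conf
// Added example named.conf fragment (constructed; not from the original thread).
// Addresses are taken from the RFC 5737 documentation ranges:
//   192.0.2.10     dmz server, Internet-facing interface
//   198.51.100.10  dmz server, internal interface
//   203.0.113.11   extra alias on the internal interface, on a subnet the
//                  internal ACL does NOT cover (the trick Jeff describes)
//   198.51.100.5   internal master that sends the original NOTIFY

acl internal-net { 198.51.100.0/24; 10.0.0.0/8; };

options {
    directory "/var/named";
    listen-on { 192.0.2.10; 198.51.100.10; 203.0.113.11; };
    recursion no;                        // per-view settings below override this
};

view "internal" {
    // The master's NOTIFY (source 198.51.100.5) matches this ACL, so by
    // itself it only refreshes this view's copy of the zone.
    match-clients { internal-net; };
    recursion yes;
    // BIND 9.4 no longer defaults these to "any"; set them explicitly.
    allow-query       { internal-net; };
    allow-recursion   { internal-net; };
    allow-query-cache { internal-net; };

    zone "example.com" {
        type slave;
        file "slaves/example.com.internal";
        masters { 198.51.100.5; };
        // Once this copy is refreshed, pass the NOTIFY on to the external
        // view's copy. Sending it from the alias address keeps it outside
        // internal-net, so the "external" view is the one that receives it.
        also-notify   { 192.0.2.10; };
        notify-source 203.0.113.11;
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };

    zone "example.com" {
        type slave;
        file "slaves/example.com.external";  // separate file per view
        masters { 198.51.100.5; };
        // NOTIFY from a listed master is accepted by default; the alias
        // address is not a master, so it must be allowed explicitly.
        allow-notify    { 203.0.113.11; };
        // The master's allow-transfer must permit this source address.
        transfer-source 198.51.100.10;
    };
};
```

To check it: run named-checkconf on the file, reload, bump the serial on the internal master, and compare the SOA serial returned by dig against 198.51.100.10 and against 192.0.2.10; both views should report the new serial, and named's log should show the notify for example.com arriving from 203.0.113.11 and the external view's refresh following it. If only the internal view updates, the usual cause is the alias address falling inside the internal ACL, so that the second NOTIFY lands in the internal view again.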
