also-notify and allow-notify

Blason R blason16 at gmail.com
Fri May 18 07:41:05 UTC 2018


Hi there,

Thanks for the update. Here is my config and the error I am getting. Can you
please suggest the correct method that should be implemented?


**************************
zone "malware.trap" {
        type master;
        file "/var/lib/bind/zones/malware.trap.db";
        notify explicit;
        also-notify { 192.168.5.49; port 4444;};
        allow-transfer {192.168.5.49; };
        allow-query { localhost;};
        };

zone "whitelist.allow" {
        type master;
        file "/var/lib/bind/zones/whitelist.allow";
        notify explicit;
        also-notify { 192.168.5.49; port 4444;};
        allow-transfer {192.168.5.49; };
        allow-query { localhost;};
        };

zone "block.tld" {
        type master;
        file "/var/lib/bind/zones/block.tld.db";
        notify explicit;
        also-notify { 192.168.5.49; port 4444;};
        allow-transfer {192.168.5.49; };
        allow-query { localhost;};
        };

**********************************



May 18 13:04:42 dnsfw named[1134]: using up to 4096 sockets
May 18 13:04:45 dnsfw named[1134]: loading configuration from
'/etc/bind/named.conf'
*May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:34:
missing ';' before '4444'*
*May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:43:
missing ';' before '4444'*
*May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:52:
missing ';' before '4444'*
May 18 13:04:46 dnsfw systemd[1]: bind9.service: Main process exited,
code=exited, status=1/FAILURE
May 18 13:04:46 dnsfw rndc[1313]: rndc: connect failed: 127.0.0.1#953:
connection refused
May 18 13:04:46 dnsfw systemd[1]: bind9.service: Control process exited,
code=exited status=1


On Fri, May 18, 2018 at 12:08 AM, Matthew Pounsett <matt at conundrum.com>
wrote:

>
>
> On 17 May 2018 at 13:30, Blason R <blason16 at gmail.com> wrote:
>
>> Hi,
>>
>> I have RPZ installed on the server and it's acting as a master server, but
>> somehow the port setting is not working on the master
>>
>> [...]
>
>>
>> So here I am sending notification to 192.168.5.49 on port 4545; my
>> queries are
>>
>> How do I configure port on slave 4545 so that slave server can start
>> listening on that port.
>>
>
> Your slave needs to be listening on the correct IP/port to receive the
> NOTIFY.  In the current BIND Administrator's Reference Manual[0], the
> discussion on Interfaces starts at page 98.
>
>
>> And my master is failing after restarting the services due to
>> notify-them statement.
>>
>
> You don't indicate what the error is, but I'm willing to bet it's the fact
> that you're trying to specify a masters list by name as well as a port.  If
> you look at the 'also-notify' statement definition, you can see that you're
> able to use a 'masters' list OR an IP address and port combination, but not
> both (ARM pp. 71).  You should specify the port number as part of the
> definition of the masters list, not where you use the masters list.
>
> [0]: <https://www.isc.org/bind-9-11-arm/>
>
>
>
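
Added example, not part of the original message or the reply: a named.conf fragment showing the also-notify form that parses, together with a slave side that listens on the notify port. The slave stanzas are an assumed layout; 192.0.2.1 stands in for the master's address and the slave file name is a placeholder, since neither appears in the thread.

```conf
# --- Master ---------------------------------------------------------------
# Posted form:  also-notify { 192.168.5.49; port 4444;};
# The ';' after the address ends that list element, so "port" starts a new
# element and named reports: missing ';' before '4444'.
# The port belongs inside the same element as the address:
zone "malware.trap" {
        type master;
        file "/var/lib/bind/zones/malware.trap.db";
        notify explicit;
        also-notify { 192.168.5.49 port 4444; };
        # Equivalent form, one port for every address in the list:
        #   also-notify port 4444 { 192.168.5.49; };
        allow-transfer { 192.168.5.49; };
        allow-query { localhost; };
};

# --- Slave at 192.168.5.49 (assumed layout) --------------------------------
options {
        # NOTIFY arrives on 4444, so named must listen there.
        # Keep port 53 as well if this server also answers normal queries.
        listen-on port 4444 { 192.168.5.49; };
        listen-on port 53   { 192.168.5.49; };
};

zone "malware.trap" {
        type slave;
        file "malware.trap.db";          # placeholder file name
        masters { 192.0.2.1; };          # placeholder: the master's address
        # NOTIFY from the listed masters is accepted by default; allow-notify
        # is only needed for additional source addresses. Keep it as narrow
        # as the set of hosts that really send NOTIFY for this zone.
        allow-notify { 192.0.2.1; };
};
```

Running named-checkconf against the edited file before restarting bind9 catches this class of syntax error without taking the service down.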