How to *require* TSIG for NOTIFY

Ondřej Surý ondrej at isc.org
Tue Nov 15 04:40:20 UTC 2022


It’s `also-notify <list>;` and `notify explicit;`

The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 15. 11. 2022, at 3:44, Jesus Cea <jcea at jcea.es> wrote:
> 
> On 15/11/22 3:30, Mark Andrews wrote:
> 
>> NOTIFY is a hint for the secondary to perform a SOA refresh query sooner than the SOA query triggered by REFRESH and RETRY.  Those queries are rate limited.  Additionally multiple notify messages often coalesce
>> into one action as the server is waiting to send or is waiting for responses when they arrive.
> 
> I understand. I interpret your words as "even if you are getting fake notifies, the cost is quite small". That is nice. I am being possibly too paranoid.
> 
>> While I don’t see the need, adding an 'allow-notify-explicit <bool>;' could be added to ignore the primaries
>> list and only use the allow-notify acl.
> 
> Could you possibly send me a URL documenting the 'allow-notify-explicit' clause? I am not able to find anything relevant online. I don't ever see anything related in 9.16.34 source code:
> 
> """
> jcea at jcea:/tmp/ram/bind-9.16.34$ find . -name "*.c" -exec grep -i "allow-notify-" {} \; -print
> """
> 
> Thanks!
> 
> -- 
> Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
> jcea at jcea.es - https://www.jcea.es/    _/_/    _/_/  _/_/    _/_/  _/_/
> Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
> jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
> "Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
> "My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
> "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
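
The options named in this thread, put together as an added example (not part of the original messages and not ISC's own configuration): a primary that sends TSIG-signed NOTIFY only to an explicit list, and a secondary whose `allow-notify` ACL names only the key. The addresses, zone name, file names and the key name `notify-key` are assumptions, and the secret is a placeholder.

```conf
// ---- primary: named.conf fragment (assumed address 192.0.2.1) ----
key "notify-key" {
    algorithm hmac-sha256;
    // Placeholder; generate a real secret with: tsig-keygen -a hmac-sha256 notify-key
    secret "REPLACE_WITH_BASE64_SECRET";
};

zone "example.com" {
    type primary;
    file "example.com.db";
    // "explicit" stops NOTIFY going to the servers in the zone's NS records;
    // only the also-notify targets below are notified.
    notify explicit;
    // Sign the NOTIFY sent to this secondary with the shared key.
    also-notify { 192.0.2.53 key "notify-key"; };
    allow-transfer { key "notify-key"; };
};

// ---- secondary: named.conf fragment (assumed address 192.0.2.53) ----
key "notify-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // same secret as on the primary
};

zone "example.com" {
    type secondary;
    file "example.com.db";
    // SOA refresh queries and zone transfers to the primary are signed.
    primaries { 192.0.2.1 key "notify-key"; };
    // The ACL admits only NOTIFY messages signed with the key.
    // Caveat from the quoted reply: the primaries list is consulted in
    // addition to this ACL, which is why an option to ignore that list
    // and use only allow-notify was floated in the thread.
    allow-notify { key "notify-key"; };
};
```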