How to *require* TSIG for NOTIFY
Ondřej Surý
ondrej at isc.org
Tue Nov 15 04:40:20 UTC 2022
It’s `also-notify <list>;` and `notify explicit;`
The online documentation is here: https://bind9.readthedocs.io/en/v9_16_34/reference.html
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 15. 11. 2022, at 3:44, Jesus Cea <jcea at jcea.es> wrote:
>
> On 15/11/22 3:30, Mark Andrews wrote:
>
>> NOTIFY is a hint for the secondary to perform a SOA refresh query sooner than the SOA query triggered by REFRESH and RETRY. Those queries are rate limited. Additionally multiple notify messages often coalesce
>> into one action as the server is waiting to send or is waiting for responses when they arrive.
>
> I understand. I interpret your words as "even if you are getting fake notifies, the cost is quite small". That is nice.I am being possibly too paranoid.
>
>> While I don’t see the need, adding an 'allow-notify-explicit <bool>;’ could be added to ignore the primaries
>> list and only use the allow-notify acl.
>
> Could you possibly send me an URL documenting 'allow-notify-explicit' clause?. I am not able to find anything relevant online. I don't ever see anything related in 9.16.34 source code:
>
> """
> jcea at jcea:/tmp/ram/bind-9.16.34$ find . -name "*.c" -exec grep -i "allow-notify-" {} \; -print
> """
>
> Thanks!
>
> --
> Jesús Cea Avión _/_/ _/_/_/ _/_/_/
> jcea at jcea.es - https://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
> Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
> jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
> "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
> "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
> "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221115/b3fb3193/attachment.htm>
More information about the bind-users
mailing list