How to *require* TSIG for NOTIFY
Petr Špaček
pspacek at isc.org
Wed Nov 16 12:56:00 UTC 2022
On 15. 11. 22 17:27, Jesus Cea wrote:
> On 15/11/22 5:40, Ondřej Surý wrote:
>> It’s `also-notify <list>;` and `notify explicit;`
>>
>> The online documentation is here:
>> https://bind9.readthedocs.io/en/v9_16_34/reference.html
>> <https://bind9.readthedocs.io/en/v9_16_34/reference.html>
>
> That configuration affects to the primary, I don't see how it affects
> the slaves.
That's a good point, docs do not really say.
From a quick look at dns_zone_notifyreceive() function it seems that
secondary zones always accept notifies from addresses listed as primaries.
If you have compelling use-case for different behavior please open
feature request at https://gitlab.isc.org/isc-projects/bind9/-/issues/new .
Thank you for your time.
--
Petr Špaček
More information about the bind-users
mailing list