help with notify

Matt Zagrabelny mzagrabe at d.umn.edu
Mon Apr 17 13:59:29 UTC 2023


Greetings bind-users,

I'm running a little older Debian bind:

bind9               1:9.9.5.dfsg-9

Scenario: I have two authoritative servers locally and three authoritative
servers that are part of the parent domain:

$ dig +short NS sub.example.com | sort
ns-0.sub.example.com.
ns-1.sub.example.com.
ns-1.example.com.
ns-2.example.com.
ns-3.example.com.

It does not seem that the parent domain servers (ns-{1,2,3}.example.com)
are being sent NOTIFYs for domain refreshes.

From the docs it looks like the default behavior should send out NOTIFYs:

"""
notify

Grammar: notify ( explicit | master-only | primary-only | <boolean> );

Blocks: options, view, zone (mirror, primary, secondary)

Tags: transfer

 Controls whether NOTIFY messages are sent on zone changes.

  If set to yes (the default), DNS NOTIFY messages are sent when a zone the
  server is authoritative for changes; see using notify. The messages are
  sent to the servers listed in the zone’s NS records (except the primary
  server identified in the SOA MNAME field), and to any servers listed in
  the also-notify option.
"""

Thus my global options "notify" config is not set, because the default
behavior described above does what I desire.


When I manually trigger a retransfer I see some A/AAAA queries, but no
NOTIFYs:

ns-0.sub.example.com => 192.168.21.10
ns-1.example.com => 10.101.101.1 , fc00:101:101::53
ns-2.example.com => 10.162.90.224 , fc00:162:90::53
ns-3.example.com => 10.223.13.161 , fc00:223:13::53

ns-0.sub.example.com# rndc retransfer sub.example.com ; tcpdump -ttttpnl host fc00:101:101::53 or host 10.101.101.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
2023-04-14 14:23:53.736445 IP 192.168.21.10.43799 > 10.101.101.1.53: 14585% [2au] A? ns-2.example.com. (125)
2023-04-14 14:23:53.736459 IP 192.168.21.10.43537 > 10.101.101.1.53: 18865% [2au] A? ns-1.example.com. (125)
2023-04-14 14:23:53.736513 IP 192.168.21.10.34762 > 10.101.101.1.53: 51934% [2au] AAAA? ns-2.example.com. (125)
2023-04-14 14:23:53.736639 IP 192.168.21.10.2342 > 10.101.101.1.53: 10531% [2au] A? ns-3.example.com. (125)
2023-04-14 14:23:53.736696 IP 192.168.21.10.14682 > 10.101.101.1.53: 46647% [2au] AAAA? ns-3.example.com. (125)
2023-04-14 14:23:53.736830 IP 192.168.21.10.63839 > 10.101.101.1.53: 15372% [2au] AAAA? ns-1.example.com. (125)
2023-04-14 14:23:53.740773 IP 10.101.101.1.53 > 192.168.21.10.43537: 18865*- 1/0/1 A 10.101.101.1 (57)
2023-04-14 14:23:53.740933 IP 10.101.101.1.53 > 192.168.21.10.43799: 14585*- 1/0/1 A 10.162.90.224 (57)
2023-04-14 14:23:53.741101 IP 10.101.101.1.53 > 192.168.21.10.2342: 10531*- 1/0/1 A 10.223.13.161 (57)
2023-04-14 14:23:53.741205 IP 10.101.101.1.53 > 192.168.21.10.34762: 51934*- 1/0/1 AAAA fc00:162:90::53 (69)
2023-04-14 14:23:53.741259 IP 10.101.101.1.53 > 192.168.21.10.63839: 15372*- 1/0/1 AAAA fc00:101:101::53 (69)
2023-04-14 14:23:53.741303 IP 10.101.101.1.53 > 192.168.21.10.14682: 46647*- 1/0/1 AAAA fc00:223:13::53 (69)


Any ideas what I'm missing?

Thanks for the help!

-Matt
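
Added example, not part of the original post: the capture above contains only ordinary queries (opcode 0), while an RFC 1996 NOTIFY request is a DNS message with opcode 4, QR clear, and an SOA question for the zone. This Python sketch decodes the header of a raw DNS payload to tell the two apart; the helper names and the sample messages (built from the IDs and names in the post, plus a constructed NOTIFY) are assumptions made for illustration.

```python
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
QTYPES = {1: "A", 2: "NS", 6: "SOA", 28: "AAAA"}

def build_message(msg_id, opcode, qname, qtype, aa=False):
    """Build a one-question DNS message (constructed sample input)."""
    flags = (opcode << 11) | (0x0400 if aa else 0)  # opcode: bits 11-14, AA: bit 10
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    return header + name + struct.pack("!HH", qtype, 1)  # class IN

def classify(payload):
    """Return (opcode, is_response, qname, qtype) for a raw DNS payload."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    _, flags, qdcount = struct.unpack("!HHH", payload[:6])
    opcode = OPCODES.get((flags >> 11) & 0xF, "OP%d" % ((flags >> 11) & 0xF))
    is_response = bool(flags & 0x8000)
    if qdcount == 0:
        return opcode, is_response, None, None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", payload[pos:pos + 2])[0]
    return opcode, is_response, ".".join(labels) + ".", QTYPES.get(qtype, str(qtype))

def is_notify_request(payload):
    """True only for an RFC 1996 NOTIFY request: opcode 4, QR clear, SOA question."""
    opcode, is_response, _, qtype = classify(payload)
    return opcode == "NOTIFY" and not is_response and qtype == "SOA"

if __name__ == "__main__":
    samples = [build_message(14585, 0, "ns-2.example.com", 1),            # as in the capture
               build_message(4242, 4, "sub.example.com", 6, aa=True)]     # constructed NOTIFY
    for s in samples:
        print(classify(s), is_notify_request(s))
```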