Generalized DNS Notifications in BIND 9

A new configuration option, notify-cfg CDS, was added to BIND 9 in version 9.21.17. It enables Generalized DNS Notifications for changes to a zone's CDS and/or CDNSKEY RRsets, as specified in RFC 9859 (ISC GitLab reference #5611).

Excerpt from IETF RFC 9859:

The original DNS notifications [RFC1996], which are here referred to as “NOTIFY(SOA)”, are sent from a primary server to a secondary server to minimize the latter’s convergence time to a new version of the zone. This mechanism successfully addresses a significant inefficiency in the original protocol.

Today, similar inefficiencies occur in new use cases, in particular delegation maintenance (DS and NS record updates). Just as in the NOTIFY(SOA) case, a new set of notification types will have a major positive benefit by allowing the DNS infrastructure to completely sidestep these inefficiencies. …

… the notification will speed up processing times by providing the recipient with a hint that a particular child zone has published new CDS, CDNSKEY, and/or CSYNC records.
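To make the mechanism in the excerpt concrete, here is an added example (written for this post; it is not BIND 9's code and not part of RFC 9859) that builds and decodes the NOTIFY(CDS) and NOTIFY(CSYNC) messages and shows how a parent-side receiver can triage them. The wire facts it relies on are the DNS header layout from RFC 1035, the NOTIFY opcode (4) from RFC 1996, the RR type codes CDS=59, CDNSKEY=60 and CSYNC=62, and RFC 9859's rule that a generalized notification differs from NOTIFY(SOA) only in the QTYPE of its question. The receiver policy (which RCODEs are returned, refusing names that are not delegated children, coalescing repeated notifications) is this example's own design, chosen to reflect the excerpt's point that the message is only a hint: it arrives over unauthenticated UDP, so the sole safe effect is to schedule a fetch of the child's CDS/CDNSKEY or CSYNC RRset, which the parent then validates as usual before touching the delegation.

```python
# Added example: build, decode and triage RFC 9859 generalized NOTIFY messages.
# Illustrative code for this post, not BIND 9's implementation. The receiver
# policy below (ParentNotifyReceiver) is this example's own design.
import struct

OPCODE_NOTIFY = 4                      # RFC 1996
CLASS_IN = 1
FLAG_QR = 0x8000                       # response bit
FLAG_AA = 0x0400                       # authoritative answer bit
RCODE = {"NOERROR": 0, "NOTIMP": 4, "REFUSED": 5}
QTYPE = {"SOA": 6, "CDS": 59, "CDNSKEY": 60, "CSYNC": 62}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Uncompressed wire form of a domain name ('child.example.' -> labels + root)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(data, offset):
    """Read an uncompressed name at offset; return (name with trailing dot, next offset)."""
    labels = []
    while True:
        if offset >= len(data):
            raise ValueError("truncated name")
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a NOTIFY question")
        if offset + length > len(data):
            raise ValueError("truncated label")
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_notify(msg_id, zone, rrtype):
    """NOTIFY request: opcode NOTIFY, AA set, one question (zone, rrtype).
    'SOA' gives the classic RFC 1996 message; 'CDS' or 'CSYNC' gives RFC 9859's."""
    flags = (OPCODE_NOTIFY << 11) | FLAG_AA
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE[rrtype], CLASS_IN)


def parse_notify(data):
    """Decode a NOTIFY request into id, zone, qtype and AA bit; reject anything else."""
    if len(data) < 12:
        raise ValueError("short message")
    msg_id, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", data[:12])
    if flags & FLAG_QR or (flags >> 11) & 0xF != OPCODE_NOTIFY:
        raise ValueError("not a NOTIFY request")
    if qdcount != 1:
        raise ValueError("NOTIFY must carry exactly one question")
    zone, off = decode_name(data, 12)
    if len(data) < off + 4:
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", data[off:off + 4])
    if qclass != CLASS_IN:
        raise ValueError("unexpected class")
    return {"id": msg_id, "zone": zone, "qtype": QTYPE_NAME.get(qtype, qtype),
            "aa": bool(flags & FLAG_AA)}


def build_notify_response(request, rcode="NOERROR"):
    """Response as in RFC 1996: same id, opcode and question; QR set; chosen RCODE."""
    n = parse_notify(request)
    flags = FLAG_QR | (OPCODE_NOTIFY << 11) | FLAG_AA | RCODE[rcode]
    return struct.pack("!HHHHHH", n["id"], flags, 1, 0, 0, 0) + request[12:]


class ParentNotifyReceiver:
    """Parent-side triage of generalized notifications (this example's policy).

    The datagram is unauthenticated, so the only effect allowed is queueing a
    lookup of the child's CDS/CDNSKEY (or CSYNC) RRset; that lookup, not the
    NOTIFY, decides whether the delegation changes. Names that are not our
    children are refused, and a zone already queued is coalesced rather than
    queued again, which bounds the work a spoofed flood can trigger."""

    def __init__(self, delegated_children):
        self.children = {c.lower().rstrip(".") + "." for c in delegated_children}
        self.queue = []                 # (zone, what to fetch) awaiting a scan
        self.scan_for = {"CDS": "CDS/CDNSKEY", "CDNSKEY": "CDS/CDNSKEY", "CSYNC": "CSYNC"}

    def handle(self, data):
        """Return (action, rcode, response bytes) for one received datagram."""
        try:
            n = parse_notify(data)
        except ValueError:
            return "dropped", None, None            # malformed: no reply at all
        zone = n["zone"].lower()
        if zone not in self.children:
            return "not-our-child", "REFUSED", build_notify_response(data, "REFUSED")
        scan = self.scan_for.get(n["qtype"])
        if scan is None:
            return "unsupported-type", "NOTIMP", build_notify_response(data, "NOTIMP")
        job = (zone, scan)
        if job in self.queue:
            return "coalesced", "NOERROR", build_notify_response(data)
        self.queue.append(job)
        return "queued", "NOERROR", build_notify_response(data)


if __name__ == "__main__":
    # Constructed sample: a parent delegating child.example receives a NOTIFY(CDS).
    parent = ParentNotifyReceiver(["child.example"])
    print(parent.handle(build_notify(0x1234, "child.example.", "CDS"))[:2])
    print(parent.queue)
```

The response carries the request's question back unchanged, so a sender can match it by id and question as it does for NOTIFY(SOA). The coalescing step is where a receiver should also put per-source rate limiting if it runs on the open Internet; the example keeps only the dedup so that the trust boundary stays visible.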

Matthijs Mekking introduced the feature in a talk at the DNSSEC Workshop at ICANN 85: SLIDES, RECORDING.

Generalized DNS Notifications in BIND 9, by Matthijs Mekking, ISC at ICANN85, DNSSEC Workshop
