help with notify-source - DNS



  1. help with notify-source

    I have a BIND 9.x server with multiple ethernet interfaces and IPs.
    I need the NOTIFY messages to go out on a specific IP, because I am using TSIG updates
    to my slave and that slave will not accept a TCP NOTIFY connection from any other than one of
    my specific IPs.
    I put a notify-source directive inside my zone files and options area, but nothing seems to work.
    BIND/named seems to randomly rotate through all my IPs sending NOTIFY, until it uses the IP
    that my slave wants to hear from, and then the transfer from master to slave happens. But this takes like hours.
    Does notify-source actually work, or am I using the wrong directive or using the right directive in the wrong manner?

    thanks,
    tony





  2. Re: help with notify-source

    In article , tony z wrote:

    > I have a BIND 9.x server with multiple ethernet interfaces and IPs.


    What's the value of x?

    > I need the NOTIFY messages to go out on a specific IP, because I am using TSIG updates
    > to my slave and that slave will not accept a TCP NOTIFY connection from any other than one of
    > my specific IPs.
    > I put a notify-source directive inside my zone files and options area, but nothing seems to work.
    > BIND/named seems to randomly rotate through all my IPs sending NOTIFY, until it uses the IP
    > that my slave wants to hear from, and then the transfer from master to slave happens. But this takes like hours.
    > Does notify-source actually work, or am I using the wrong directive or using the right directive in the wrong manner?


    Post your named.conf.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***


  3. Re: help with notify-source

    On Mar 24, 6:33 pm, Barry Margolin wrote:
    > In article , tony z wrote:
    > > I have a BIND 9.x server with multiple ethernet interfaces and IPs.
    >
    > What's the value of x?
    >
    > > I need the NOTIFY messages to go out on a specific IP, because I am using TSIG updates
    > > to my slave and that slave will not accept a TCP NOTIFY connection from any other than one of
    > > my specific IPs.
    > > I put a notify-source directive inside my zone files and options area, but nothing seems to work.
    > > BIND/named seems to randomly rotate through all my IPs sending NOTIFY, until it uses the IP
    > > that my slave wants to hear from, and then the transfer from master to slave happens. But this takes like hours.
    > > Does notify-source actually work, or am I using the wrong directive or using the right directive in the wrong manner?
    >
    > Post your named.conf.
    >
    > --
    > Barry Margolin, bar...@alum.mit.edu
    > Arlington, MA
    > *** PLEASE don't copy me on replies, I'll read them in the group ***


    Thanks for any help on this....

    x = BIND 9.3.3rc2

    the named.conf is:

    // Default named.conf generated by install of bind-9.2.4-24.ELu
    // changelog:

    options {
        hostname "somehost";
        version "ver9";
        blackhole { 213.171.223.128; };
        listen-on { 67.228.17.xxx; }; // virtual ETH for DNS
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        notify-source 67.228.17.xxx;
        allow-recursion { 127.0.0.1; 67.228.17.xxx; };
        dnssec-enable yes;
    };

    include "/etc/rndc.key";

    include "/var/named/keys/xxx.keys";

    logging {
        channel default_log {
            file "/var/log/named/default.log" versions 7 size 1m;
            severity debug 50;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel query_log {
            file "/var/log/named/query.log" versions 7 size 1m;
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel security_ch {
            file "/var/log/named/named_sec.log" versions 7 size 1m;
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel dnssec_ch {
            file "/var/log/named/dnssec.log" versions 7 size 1m;
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        channel log_zone_transfers {
            file "/var/log/named/axfr.log" versions 7 size 1m;
            severity info;
            print-category yes;
            print-severity yes;
            print-time yes;
        };
        category default { default_log; };
        category security { security_ch; };
        category dnssec { dnssec_ch; };
        category queries { query_log; };
        category xfer-out { log_zone_transfers; };
    };

    // zone file for root servers, fresh off internic.net
    zone "." {
        type hint;
        file "named.ca";
    };

    // zone file for localhost
    zone "localhost." in {
        type master;
        file "master.localhost";
        allow-update { none; };
    };

    // zone file for reverse lookup of localhost
    zone "0.0.127.IN-ADDR.ARPA." {
        type master;
        file "localhost.rev";
        allow-update { none; };
    };

    // zone file for xxx.us
    zone "xxx.us" {
        type master;
        file "xxx.us";
        allow-transfer { key 101436.163724.xxx; };
    };

    // zone file for xxx.com
    zone "xxx.com" {
        type master;
        file "xxx.com";
        allow-transfer { key 101436.163822.xxx; };
    };
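
An added example, not part of the thread and not code from any poster: a small Python check that reports which notify-source each master zone in a named.conf actually ends up with, since the directive is read from the options and zone statements of named.conf (not from zone data files) and a zone-level value overrides the options value. The sample configuration, the 192.0.2.x documentation addresses, the key name and all function names are constructed for illustration.

```python
import re

# Constructed sample modeled on the posted config; RFC 5737 addresses, placeholder key.
SAMPLE_CONF = '''
options {
    notify-source 192.0.2.10;   // inherited by every zone below
};
zone "example.us" {
    type master;
    allow-transfer { key "example-key"; };
};
zone "example.com" {
    type master;
    notify-source 192.0.2.20;   // zone-level setting overrides options
};
zone "." { type hint; file "named.ca"; };
'''

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)  # does not handle markers inside quoted strings

def statements(text, keyword):
    """Yield (name, body) for each `keyword ["name"] [class] { body };` block."""
    for m in re.finditer(r'\b%s\b([^{;]*)\{' % re.escape(keyword), text):
        depth, i = 1, m.end()
        while depth and i < len(text):          # walk to the matching closing brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        name = m.group(1).replace('"', ' ').split()
        yield (name[0] if name else ''), text[m.end():i - 1]

def notify_source(body):
    m = re.search(r'\bnotify-source\s+([^\s;]+)', body)
    return m.group(1) if m else None

def effective_notify_sources(conf):
    """Map each master zone to (address, where it was set: zone/options/unset)."""
    conf = strip_comments(conf)
    default = next((notify_source(b) for _, b in statements(conf, 'options')), None)
    result = {}
    for name, body in statements(conf, 'zone'):
        if re.search(r'\btype\s+master\s*;', body):
            own = notify_source(body)
            result[name] = (own, 'zone') if own else (default, 'options' if default else 'unset')
    return result

if __name__ == '__main__':
    print(effective_notify_sources(SAMPLE_CONF))
```

A zone reported as `unset` has no explicit source address, so the operating system chooses the outgoing address for its NOTIFY messages.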


  4. Re: help with notify-source

    In article , ews_inc wrote:

    > the named.conf is:


    I doubt it. There are lots of "xxx" in what you posted, and I'll bet
    any amount that the real named.conf file doesn't have them.

    Since it's possible that your redacting is masking over the problem, I
    don't think anyone is going to bother helping you until you give up all
    the information hiding and post the real thing.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE don't copy me on replies, I'll read them in the group ***

