Handling of zone transfers and notify messages

Robert E.Seastrom rs at seastrom.com
Fri Oct 15 15:03:55 UTC 2004


Antoine Delvaux <antoine.delvaux at belnet.be> writes:

> My thought is that when running a server as secondary for domains
> you don't have control on, the notify messages are quite useful to
> provide a good service to your users.  On the other hand, too many
> notify messages can induce unneeded load on the server.

I'm still running 1.2.2 (been running nsd for a couple of years at
this point) to secondary about 1000 zones, most of which are in turn
secondaried from other hosts on the server from which I'm pulling
them.  The vast majority of them (98%) are Someone Else's Zones.

One problem I've noticed (hopefully fixed in newer versions) is that
"nsdc update" does not deal gracefully with having an expired or
non-transferable zone.  To my way of thinking it should either build
nsd.db including the expired data but unset the authority bit in
replies or simply leave the zone out of nsd.db rather than refusing to
update the database for the other zones.

My work-around has been to have a "metaconfig" nsd.zones file which is
compiled into the "working" nsd.zones file before each "nsdc update"
by a script that issues a query for the SOA record against the master
nameserver for each zone and checks for the authority bit.  Crude, but
effective.

If I need a swat with the clown hammer and incentive to upgrade,
someone please tell me to get off my lazy behind.  :)

                                        ---Rob
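
A sketch of the pre-flight check described in the message above, as an added example (not Rob's script and not part of NSD): it asks each zone's master for the SOA and keeps the zone only if the reply is NOERROR with the authority (AA) bit set. Assumptions: the "metaconfig" lines have the form `zone <name> <file> masters <ip> ...`, the first master is an IPv4 address reachable over UDP port 53, and the function names are hypothetical.

```python
import secrets
import socket
import struct
import sys

def build_soa_query(zone, qid):
    """Wire-format DNS query for <zone> IN SOA, recursion not requested."""
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def is_authoritative(resp, qid):
    """True only for a matching NOERROR response with AA set and an answer."""
    if len(resp) < 12:
        return False
    rid, flags, _qd, ancount = struct.unpack("!HHHH", resp[:8])
    return (rid == qid and bool(flags & 0x8000) and bool(flags & 0x0400)
            and (flags & 0x000F) == 0 and ancount >= 1)

def query_udp(master, zone, qid, timeout=3.0):
    """Send the SOA query to an IPv4 master; empty bytes on timeout or error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone, qid), (master, 53))
            return s.recvfrom(512)[0]
        except OSError:
            return b""

def filter_zones(meta_lines, query=query_udp):
    """Return (kept_lines, dropped_zone_names) for the working nsd.zones."""
    kept, dropped = [], []
    for line in meta_lines:
        f = line.split()
        if not f or f[0] != "zone" or "masters" not in f[3:-1]:
            kept.append(line)        # comments, blanks, zones with no master listed
            continue
        master = f[f.index("masters", 3) + 1]
        qid = secrets.randbelow(65536)   # unpredictable ID, checked on the reply
        if is_authoritative(query(master, f[1], qid), qid):
            kept.append(line)
        else:
            dropped.append(f[1])     # lame, expired or unreachable: leave it out
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_zones(sys.stdin.read().splitlines())
    print("\n".join(kept))
    for name in dropped:
        print("skipped", name, file=sys.stderr)
```

Run as a filter, it reads the metaconfig on stdin and writes the working zone list on stdout, naming skipped zones on stderr so an expired zone is noticed rather than silently dropped.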





More information about the nsd-users mailing list