nsdc update implementation details
Peter Koch
pk at DENIC.DE
Tue Jul 17 09:27:18 UTC 2007
On Mon, Jul 16, 2007 at 10:26:16AM +0200, Wouter Wijngaards wrote:
> If a NOTIFY message is sent and it contains the new SOA serial number
> inside the NOTIFY message (this is what master servers send out), then
> NSD will query the source IP address if it's a master and if not, it will
> run through the list of masters, in order from the config file,
Shouldn't the slave ignore any NOTIFY messages from non-masters instead?
> accepting updates, until it gets an update that brings the zone to the
> new SOA serial number from the NOTIFY. So, if it knows version x is out
> there, it will keep trying until it gets version x or later.
So with a single spoofed (or not even that) NOTIFY one could make the slaves
rapidly query all their masters?
-Peter
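
An added example, not part of the original message and not NSD's code: one way a slave could gate NOTIFY handling so that a NOTIFY from a non-master triggers no queries and repeated NOTIFYs fold into one refresh. The `handle_notify` helper, the `zone_state` struct and the addresses are assumptions made for illustration; it covers only NOTIFYs that carry a SOA serial.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample config: the zone's master addresses (documentation range). */
static const char *masters[] = { "192.0.2.1", "192.0.2.2" };

struct zone_state {
    uint32_t serial;          /* serial currently served */
    uint32_t wanted_serial;   /* highest serial announced by an accepted NOTIFY */
    bool     refresh_pending; /* a refresh toward the masters is already running */
};

enum notify_action { NOTIFY_IGNORE, NOTIFY_START_REFRESH, NOTIFY_COALESCE };

/* RFC 1982 serial arithmetic: true if a is newer than b (handles wrap-around). */
static bool serial_gt(uint32_t a, uint32_t b) {
    return a != b && (uint32_t)(a - b) < 0x80000000u;
}

static bool is_master(const char *src) {
    for (size_t i = 0; i < sizeof masters / sizeof masters[0]; i++)
        if (strcmp(src, masters[i]) == 0) return true;
    return false;
}

/* Decide what one NOTIFY may trigger; hypothetical helper, not NSD's code. */
enum notify_action handle_notify(struct zone_state *z, const char *src, uint32_t serial) {
    if (!is_master(src)) return NOTIFY_IGNORE;               /* non-master: no queries sent */
    if (!serial_gt(serial, z->serial)) return NOTIFY_IGNORE; /* nothing newer announced */
    if (z->refresh_pending) {                                /* fold into the running refresh */
        if (serial_gt(serial, z->wanted_serial)) z->wanted_serial = serial;
        return NOTIFY_COALESCE;
    }
    z->refresh_pending = true;
    z->wanted_serial = serial;
    return NOTIFY_START_REFRESH;
}

int main(void) {
    struct zone_state z = { 2007071600u, 0, false };
    /* Constructed NOTIFYs: a non-master, a master, then a repeat from the other master. */
    printf("%d\n", handle_notify(&z, "198.51.100.7", 2007071700u));
    printf("%d\n", handle_notify(&z, "192.0.2.1", 2007071700u));
    printf("%d\n", handle_notify(&z, "192.0.2.2", 2007071701u));
    return 0;
}
```

A source address on UDP can be forged, so the address check alone does not stop a NOTIFY that claims to come from a master; the coalescing step is what bounds the work such a message can cause.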