nsdc update implementation details

Peter Koch pk at DENIC.DE
Tue Jul 17 09:27:18 UTC 2007


On Mon, Jul 16, 2007 at 10:26:16AM +0200, Wouter Wijngaards wrote:

> If a NOTIFY message is sent and it contains the new SOA serial number
> inside the NOTIFY message (this is what master servers send out), then
> NSD will query the source IP address if it's a master and if not, it will
> run through the list of masters, in order from the config file,

Shouldn't the slave ignore any NOTIFY messages from non-masters instead?

> accepting updates, until it gets an update that brings the zone to the
> new SOA serial number from the NOTIFY. So, if it knows version x is out
> there, it will keep trying until it gets version x or later.

So with a single spoofed (or not even that) NOTIFY one could make the slaves
rapidly query all their masters?

-Peter
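
The NOTIFY handling described in the quoted message, next to the stricter rule asked about in the reply, as an added Python model (not NSD code and not part of the original e-mail). The retry rounds, the class and function names, and the documentation-range addresses and serials are constructed assumptions.

```python
from dataclasses import dataclass, field

def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is newer than b."""
    return 0 < ((a - b) & 0xFFFFFFFF) < 0x80000000

@dataclass
class Secondary:
    masters: dict        # master IP -> serial it serves, in config-file order
    serial: int          # serial this secondary currently serves
    strict: bool         # True: ignore NOTIFY from sources that are not masters
    wanted: int = None   # serial learned from an accepted NOTIFY
    targets: list = field(default_factory=list)
    sent: int = 0        # queries sent to masters so far

    def on_notify(self, src, notify_serial):
        if src in self.masters:
            self.targets = [src]               # query the sender only
        elif self.strict:
            return False                       # dropped, no state change
        else:
            self.targets = list(self.masters)  # walk every configured master
        if serial_gt(notify_serial, self.serial):
            self.wanted = notify_serial
        return True

    def retry_round(self):
        """One retry pass; True once the wanted serial (or later) is held."""
        if self.wanted is None:
            return True
        for m in self.targets:
            self.sent += 1
            if serial_gt(self.masters[m], self.serial):
                self.serial = self.masters[m]  # accept the update
            if not serial_gt(self.wanted, self.serial):
                self.wanted = None
                return True
        return False

def queries_after(strict, src, notify_serial, master_serial=2007071700, rounds=5):
    """Queries a secondary at serial 2007071700 sends after one NOTIFY."""
    masters = {"192.0.2.1": master_serial, "192.0.2.2": master_serial}
    s = Secondary(masters, 2007071700, strict)
    s.on_notify(src, notify_serial)
    for _ in range(rounds):
        if s.retry_round():
            break
    return s.sent
```

In this model a NOTIFY from a non-master that names a serial no master serves costs two queries per retry round until the rounds run out, while the strict variant sends none and a genuine NOTIFY from a master is satisfied with one query.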


