[nsd-users] allow-notify SUBNET and request-xfr inconsistency

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Jul 23 19:49:21 UTC 2012

Hi Ilya,

>>>> message and it should be accepted. Furthermore, RFC-1996, Section 3.11
>> says:
>>>>> Because a deep server dependency graph may have multiple paths
>>>>>       from the primary master to any given slave, it is possible that
>>>>>       a slave will receive a NOTIFY from one of its known masters even
>>>>>       though the rest of its known masters have not yet updated their
>>>>>       copies of the zone.  Therefore, when issuing a QUERY for the
>>>>>       zone's SOA, the query should be directed at the known master who
>>>>>       was the source of the NOTIFY event, and not at any of the other
>>>>>       known masters

This is in fact what NSD does. I took a look at it today and it seems
that there is a bug when allow-notify specifies a subnet. The notifier
is than not properly matched with the request-xfr entries.

Tomorrow I will spend some time fixing it. Untested, but as a work
around specify all hosts separately in allow-notify exactly like in

Yuri Schaeffer

More information about the nsd-users mailing list