[nsd-users] allow-notify SUBNET and request-xfr inconsistency
Yuri Schaeffer
yuri at nlnetlabs.nl
Mon Jul 23 19:49:21 UTC 2012
Hi Ilya,
>>>> message and it should be accepted. Furthermore, RFC-1996, Section 3.11
>>
>> says:
>>>>> Because a deep server dependency graph may have multiple paths
>>>>> from the primary master to any given slave, it is possible that
>>>>> a slave will receive a NOTIFY from one of its known masters even
>>>>> though the rest of its known masters have not yet updated their
>>>>> copies of the zone. Therefore, when issuing a QUERY for the
>>>>> zone's SOA, the query should be directed at the known master who
>>>>> was the source of the NOTIFY event, and not at any of the other
>>>>> known masters
This is in fact what NSD does. I took a look at it today and it seems
that there is a bug when allow-notify specifies a subnet. The notifier
is than not properly matched with the request-xfr entries.
Tomorrow I will spend some time fixing it. Untested, but as a work
around specify all hosts separately in allow-notify exactly like in
request-xfr.
Regards,
Yuri Schaeffer
More information about the nsd-users
mailing list