On 8/16/2010 1:48 PM, recvf...@gmail.com wrote:
> Hi,
> I have several internal DNS servers, one of which is a hidden master
> for external zones. The nameserver listed in the SOA RR is in a DMZ.
> The internal DNS servers forward all queries for non-authoritative
> zones to a DNS server in the DMZ that will perform recursive queries,
> but the internal nameservers are restricted from sending queries or
> notifications to outside nameservers (and even if they were, it's
> unlikely that a third-party slave would accept notifies from anything
> but the master as listed in the SOA RR). What is the recommended
> method to configure DNS notify for the internal hidden master? I
> recognize that I can specify 'notify-to-soa yes;' in the view
> statement (in which all of these zones are placed; or in individual
> zone statements), but that will still result in attempted notification
> to all of the other NS RRs for the zone. I'd prefer that the hidden
> master notify the NS listed in the SOA RR, and that nameserver issue
> notification to all of the other NS RRs after it has pulled the
> zone(s).

I think the only way to prevent sending NOTIFYs to the nameservers in
the NS records is to "hardcode" your NOTIFY lists with a combination of
"also-notify"/"notify explicit".

> Will 'notify-to-soa yes;' still initiate a notification even
> if I turn off notify via 'notify no;'?

I'm pretty sure "notify yes/no" is a "master switch"; that if you
specify "notify no" none of the other notify-related options come into play.
I could be wrong on that, though, since I haven't played with the
NOTIFY-related options in recent versions of BIND.
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
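
A sketch of the "also-notify"/"notify explicit" combination suggested in the reply above, added here as an illustration and not configuration posted by either participant. The zone name, file paths and all addresses are constructed placeholders; the two zone statements belong in the named.conf of two different servers.

```conf
// ---- named.conf on the internal hidden master (placeholder address 10.0.0.10) ----
zone "example.com" {
    type master;
    file "master/example.com.zone";        // placeholder path

    // "explicit" suppresses NOTIFY to the zone's NS RRset; only the
    // addresses in also-notify are notified.
    notify explicit;
    also-notify { 192.0.2.53; };            // placeholder: DMZ server named in the SOA RR

    // Least privilege: only the DMZ server may transfer from the hidden master.
    allow-transfer { 192.0.2.53; };
};

// ---- named.conf on the DMZ nameserver (placeholder address 192.0.2.53) ----
zone "example.com" {
    type slave;
    file "slave/example.com.zone";          // placeholder path
    masters { 10.0.0.10; };                 // placeholder: the hidden master

    // A slave with notify enabled sends NOTIFY to the other servers in the
    // NS RRset once it has loaded a new version of the zone.
    notify yes;

    // Placeholder: the third-party slave allowed to pull from this server.
    allow-transfer { 198.51.100.53; };
};
```

The firewall between the internal network and the DMZ still has to permit NOTIFY from the hidden master to the DMZ server and zone transfers in the opposite direction.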