Hi, Thank you for reply.
> The whole fact that master sent a notify to slave does NOT mean that the > master is reachable from the slave, it only means that slave is reachable > from the master. In theory you are right. But in most cases it also means that the master is reachable from the slave. In my opinion BIND should forget the master was unreachable and simply follow the notification. In the worst case it will find the master to be unreachable again. > Either the slave tries to reach the master using wrong source IP address > (0.0.0.0#0 means it leaves this to system) or the master does not allow > traffic from slave (e.g. firewall). Nope, I know for sure that the master becomes reachable from the slave because I start it. And some time later the slave itself attempts to contact the master again and it succeeds. I had a look at the source code and I believe I found the problem. In lib/dns/zone.c the is a cache where unreachable masters are stored. Function dns_zonemgr_unreachable() is used to check if a master in marked as unreachable, while dns_zonemgr_unrechableadd() - to add entries to the cache. In my opinion the problem is that there is no mechanism to remove entries from the cache except when they expire. BIND should remove an entry for a particular master every time it receives any communication from that master, like in dns_zone_notifyreceive(). As you pointed out, it doesn't necesarrily mean the master is reachable from the slave but it is worth trying to respond to the notification, it won't hurt. What do you think? Take care, Jarek _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
