hi- i'm having a problem where notifies are not sent unless also-notify is used to explicitly specify hosts.

here is the config from the computer serving the master zone:

>named-checkconf -p
options {
    bindkeys-file "/etc/bind/keys/dnssec/bind.keys";
    blackhole {
        "bogon";
    };
    session-keyalg "hmac-sha512";
    directory "/var/cache/bind";
    hostname "dca-ans-1.example.com";
    interface-interval 0;
    managed-keys-directory "/etc/bind/keys/managed";
    server-id "dca-ans-1.example.com";
    version none;
    additional-from-auth no;
    additional-from-cache no;
    allow-query-cache {
        "none";
    };
    allow-query-cache-on {
        "none";
    };
    allow-recursion {
        "none";
    };
    allow-recursion-on {
        "none";
    };
    dnssec-enable yes;
    empty-zones-enable no;
    minimal-responses yes;
    recursion no;
    allow-query {
        "any";
    };
    allow-query-on {
        "any";
    };
    allow-transfer {
        "loopback";
        "physical_interfaces";
        "slaves";
    };
    check-dup-records fail;
    check-mx fail;
    check-mx-cname fail;
    check-srv-cname fail;
    check-wildcard yes;
    masterfile-format raw;
    zone-statistics full;
};
controls {
    inet 127.0.0.1 port 953 allow {
        127.0.0.1/32;
    } keys {
        "rndc-key-1";
    };
};
acl "loopback" {
    127.0.0.1/32;
    ::1/128;
};
acl "physical_interfaces" {
    10.128.13.62/32;
};
acl "local_network" {
    10.0.0.0/8;
};
acl "slaves" {
    10.128.13.63/32;
};
acl "bogon" {
    0.0.0.0/8;
    169.254.0.0/16;
    172.16.0.0/12;
    192.0.0.0/24;
    192.0.2.0/24;
    192.168.0.0/16;
    198.18.0.0/15;
    198.51.100.0/24;
    203.0.113.0/24;
    224.0.0.0/3;
};
logging {
    [...]
};
key "rndc-key-1" {
    algorithm "hmac-md5";
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};
key "ddns-key-1" {
    algorithm "hmac-sha512";
    secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
};
zone "10.in-addr.arpa" {
    type master;
    file "/srv/dns/internal/master/reverse/10.in-addr.arpa";
    update-policy {
        grant "ddns-key-1" zonesub "any";
    };
};

and here is the zone being served:

>dig @localhost -x 10 axfr +norec

; <<>> DiG 9.9.5-3ubuntu0.2-Ubuntu <<>> @localhost -x 10 axfr +norec
; (1 server found)
;; global options: +cmd
10.in-addr.arpa. 86400 IN SOA dca-ans-1.example.com. hostmaster.example.com. 2015032904 7200 1800 1209600 3600
10.in-addr.arpa. 86400 IN NS dca-ans-1.example.com.
10.in-addr.arpa. 86400 IN NS dca-ans-2.example.com.
10.in-addr.arpa. 86400 IN SOA dca-ans-1.example.com. hostmaster.example.com. 2015032904 7200 1800 1209600 3600
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 29 17:19:51 EDT 2015
;; XFR size: 16 records (messages 1, bytes 449)

dca-ans-2 resolves to 10.128.13.63:

>host dca-ans-2.example.com
dca-ans-2.example.com has address 10.128.13.63

when i trigger a notify, bind never sends a notify to dca-ans-2:

>rndc trace 3
>rndc notify 10.in-addr.arpa.
zone notify queued

debug.log:

29-Mar-2015 17:25:33.860 general: debug 1: received control channel command 'null'
29-Mar-2015 17:25:33.860 general: info: received control channel command 'notify 10.in-addr.arpa.'
29-Mar-2015 17:25:33.860 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 general: debug 1: zone_timer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 general: debug 1: zone_maintenance: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:25:33.860 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
29-Mar-2015 17:25:33.860 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter

but when specifying dca-ans-2 explicitly in also-notify:

also-notify {
    10.128.13.63;
};

it does:

29-Mar-2015 17:27:15.945 general: debug 1: received control channel command 'null'
29-Mar-2015 17:27:15.945 general: info: received control channel command 'notify 10.in-addr.arpa.'
29-Mar-2015 17:27:15.945 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 general: debug 1: zone_timer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 general: debug 1: zone_maintenance: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
29-Mar-2015 17:27:15.945 general: debug 1: zone_settimer: zone 10.in-addr.arpa/IN: enter
29-Mar-2015 17:27:15.945 notify: debug 3: zone 10.in-addr.arpa/IN: sending notify to 10.128.13.63#53
29-Mar-2015 17:27:15.945 general: debug 3: dns_request_createvia
29-Mar-2015 17:27:15.945 general: debug 3: request_render
29-Mar-2015 17:27:15.945 general: debug 3: requestmgr_attach: 0x7fda5c66d010: eref 1 iref 1
29-Mar-2015 17:27:15.945 general: debug 3: mgr_gethash
29-Mar-2015 17:27:15.945 general: debug 3: req_send: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.945 general: debug 3: dns_request_createvia: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.945 general: debug 3: req_senddone: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_response: request 0x7fda5c6d1460: success
29-Mar-2015 17:27:15.946 general: debug 3: req_cancel: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_sendevent: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: dns_request_getresponse: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 notify: debug 3: zone 10.in-addr.arpa/IN: notify response from 10.128.13.63#53: NOERROR
29-Mar-2015 17:27:15.946 general: debug 3: dns_request_destroy: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: req_destroy: request 0x7fda5c6d1460
29-Mar-2015 17:27:15.946 general: debug 3: requestmgr_detach: 0x7fda5c66d010: eref 1 iref 0

version is 9.9.5 courtesy of ubuntu:

>named -v
BIND 9.9.5-3ubuntu0.2-Ubuntu (Extended Support Version)

if i'm understanding the documentation right, by default bind should send notifies to all servers listed in the ns records for a zone, except for the soa mname - which would mean that dca-ans-2 should be notified by default - but it appears to not be.

how can i troubleshoot this further?

thanks
-ben
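
Added example, not part of the original post: a Python check that builds the notify set the post expects from the documentation (zone NS targets minus the SOA MNAME, plus any also-notify addresses) and compares it with the "sending notify to" lines of a debug-level-3 log. The sample inputs are constructed from the output quoted above, the name-to-address map comes from the `host` output, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, copied from the dig/host/debug.log output in the post.
AXFR = """\
10.in-addr.arpa. 86400 IN SOA dca-ans-1.example.com. hostmaster.example.com. 2015032904 7200 1800 1209600 3600
10.in-addr.arpa. 86400 IN NS dca-ans-1.example.com.
10.in-addr.arpa. 86400 IN NS dca-ans-2.example.com.
"""
ADDRESSES = {"dca-ans-2.example.com.": ["10.128.13.63"]}
LOG_DEFAULT = """\
29-Mar-2015 17:25:33.860 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
"""
LOG_ALSO_NOTIFY = """\
29-Mar-2015 17:27:15.945 notify: info: zone 10.in-addr.arpa/IN: sending notifies (serial 2015032904)
29-Mar-2015 17:27:15.945 notify: debug 3: zone 10.in-addr.arpa/IN: sending notify to 10.128.13.63#53
"""
# Per-target line that named logs in the notify category at debug level 3.
SENT = re.compile(r"notify: debug 3: zone (\S+): sending notify to ([0-9a-fA-F.:]+)#\d+")

def expected_targets(axfr, addresses, also_notify=()):
    """Addresses of NS targets other than the SOA MNAME, plus also-notify."""
    mname, ns_names = None, []
    for line in axfr.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue
        if f[3] == "SOA":
            mname = f[4].lower()
        elif f[3] == "NS":
            ns_names.append(f[4].lower())
    targets, unresolved = set(also_notify), []
    for name in ns_names:
        if name == mname:
            continue                      # the primary does not notify itself
        addrs = addresses.get(name, [])
        targets.update(addrs)
        if not addrs:
            unresolved.append(name)       # NS name with no known address
    return targets, unresolved

def notified(log, zone):
    """Addresses the log shows a NOTIFY was actually sent to for this zone."""
    return {m.group(2) for m in SENT.finditer(log) if m.group(1) == zone}

def missing_notifies(axfr, addresses, log, zone, also_notify=()):
    """Return (expected-but-not-notified addresses, unresolved NS names)."""
    targets, unresolved = expected_targets(axfr, addresses, also_notify)
    return sorted(targets - notified(log, zone)), unresolved

if __name__ == "__main__":
    print(missing_notifies(AXFR, ADDRESSES, LOG_DEFAULT, "10.in-addr.arpa/IN"))
```

The check only sees per-target lines when the log was captured at debug level 3 or higher, as with the `rndc trace 3` used above.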