Correlation between NOTIFY-Source and AXFR-Source
Hello!
I always was quite sure that Bind will request XFR from the Primary that sent
the NOTIFY.
config:
masters {
X.X.X.4;
X.X.X.20;
};
Bind Version 9.11.5.P4+dfsg-5.1+deb10u8
But I just saw this in the logs that the first NOTIFY is received from .20, but
AXFR is performed from .4:
15:31:17.715 general: info: zone versicherung/IN: notify from X.X.X.20#39334:
serial 1678375865
15:31:17.716 general: info: zone versicherung/IN: Transfer started.
15:31:17.716 xfer-in: info: transfer of 'versicherung/IN' from X.X.X.4#53:
connected using X.X.X.113#43555 TSIG rcode0-distribution
15:31:17.720 general: info: zone versicherung/IN: transferred serial
1678375865: TSIG 'rcode0-distribution'
15:31:17.720 xfer-in: info: transfer of 'versicherung/IN' from X.X.X.4#53:
Transfer status: success
15:31:17.720 xfer-in: info: transfer of 'versicherung/IN' from X.X.X.4#53:
Transfer completed: 1 messages, 82 records, 14703 bytes, 0.004 secs (3675750
bytes/sec)
15:31:20.001 notify: info: client @0x7fdb840c94a0 X.X.X.4#49990/key
rcode0-distribution: received notify for zone 'versicherung': TSIG
'rcode0-distribution'
15:31:20.001 general: info: zone versicherung/IN: notify from X.X.X.4#49990:
zone is up to date
Is there really no correlation between the notification source and the XFR
source?
Thanks
Klaus
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Correlation between NOTIFY-Source and AXFR-Source
I always was quite sure that Bind will request XFR from the Primary that sent the NOTIFY. my understanding has always been that the primaries are tried in configured order. Looking forward to hear which is actually correct. :) -JP -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Correlation between NOTIFY-Source and AXFR-Source
Named just uses the notify to trigger an early refresh process. It then just asks the primaries in configured order. There is no real point in trying the notifier first. -- Mark Andrews > On 10 Mar 2023, at 06:00, Jan-Piet Mens wrote: > > >> >> I always was quite sure that Bind will request XFR from the Primary that >> sent the NOTIFY. > > my understanding has always been that the primaries are tried in configured > order. > > Looking forward to hear which is actually correct. :) > >-JP > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
AW: Correlation between NOTIFY-Source and AXFR-Source
> -Ursprüngliche Nachricht- > Von: bind-users Im Auftrag von Mark > Andrews > Gesendet: Donnerstag, 9. März 2023 21:04 > An: Jan-Piet Mens > Cc: bind-users@lists.isc.org > Betreff: Re: Correlation between NOTIFY-Source and AXFR-Source > > Named just uses the notify to trigger an early refresh process. It then just > asks > the primaries in configured order.There is no real point in trying the > notifier > first. It depends. If one of the primaries is faster then the other in updating its version of the zone, named as secondary would have the update faster if it talks to fastest primary first. So there can be a benefit. Also if a primary is not reachable, for example maintenance and network issues, then named would not have to wait for timeouts before asking other primaries. So I see benefits. On the other hand, we do not have a problem with the current behavior. Thanks for the clarifications Klaus PS: Latest PowerDNS tries the NOTIFY source first. MAybe someone knows how Knot and NSD behave? -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Correlation between NOTIFY-Source and AXFR-Source
On Thu, 9 Mar 2023, 20:27 Klaus Darilion via bind-users, < bind-users@lists.isc.org> wrote: > > -Ursprüngliche Nachricht- > > Von: bind-users Im Auftrag von Mark > > Andrews > > Gesendet: Donnerstag, 9. März 2023 21:04 > > > > Named just uses the notify to trigger an early refresh process. It then > just asks > > the primaries in configured order.There is no real point in trying the > notifier > > first. > > It depends. If one of the primaries is faster then the other in updating > its version of the zone, named as secondary would have the update faster if > it talks to fastest primary first. So there can be a benefit. Also if a > primary is not reachable, for example maintenance and network issues, then > named would not have to wait for timeouts before asking other primaries. So > I see benefits. > Chiming in to say +1 to Kalus' logic and sight of benefit here. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Correlation between NOTIFY-Source and AXFR-Source
On 3/9/23 2:25 PM, Paul Stead wrote: Chiming in to say +1 to Kalus' logic and sight of benefit here. Please forgive my ignorance in asking: Why doesn't the order of the configured primaries suffice? N.B. I'm assuming that this is the the order of the primaries for a zone in the named.conf file and not actually zone contents. What am I failing to understand? -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Correlation between NOTIFY-Source and AXFR-Source
On Thu, 9 Mar 2023, 23:53 Grant Taylor via bind-users, <
bind-users@lists.isc.org> wrote:
> On 3/9/23 2:25 PM, Paul Stead wrote:
> > Chiming in to say +1 to Kalus' logic and sight of benefit here.
>
> Please forgive my ignorance in asking:
>
> Why doesn't the order of the configured primaries suffice?
>
> N.B. I'm assuming that this is the the order of the primaries for a zone
> in the named.conf file and not actually zone contents.
>
> What am I failing to understand?
>
For much the reasons Klaus cited, really.
Given the example:
masters {
1.1.1.1
2.2.2.2
};
Imagine that 1.1.1.1 has lost network connectivity recently. A notify comes
from 2.2.2.2 - if I understand correctly Bind will try 1.1.1.1 first, time
out and then try 2.2.2.2 - even though we know given the situation that
2.2.2.2 has the latest copy of the zone we want.
For what it's worth, NSD also seems to follow the logic of using the
notifier as the next master/primary to target - xfrd.c -
xfrd_handle_passed_packet
Paul
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
