Re: transfert master slave

Mon, 25 Mar 2024 04:53:44 -0700 

Hi Sami.
"allow-..." statements are to restrict from which sources *this* server
will accept messages, of whichever type.
On the secondary (slave), "allow-notify {192.168.56.154;};" will permit it
to process NOTIFY messages sent to it from the primary (master), but ignore
any others. Actually, this is not necessary because it would do that
anyway. See the ARM description for this statement -
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-allow-notify

NOTIFY messages from the primary will reach the secondary server and be
processed because the primary is listed in an NS record in the zone. As
Mark says, you cannot stop this. You could test sending NOTIFY from a third
server that is *not* listed as an NS for the zone.

On the primary you do not need allow-transfer {192.168.56.157;}; as the
primary is not transferring *from* the secondary.
You probably also don't need also-notify {192.168.56.157;}; if the
secondary has an NS record in the zones it will be transferring, which it
should.

Hope that helps.
Greg

On Mon, 25 Mar 2024 at 11:34, <sami.ra...@sofrecom.com> wrote:

> Hello community,
>
> I'm trying to configure a DNS slave server (192.168.56.157) . I want to
> allow notifications only from the master (192.168.56.154). I added the
> directive "allow-notify {192.168.56.154;};" and it works. However, when I
> try to test the prohibition of notification by adding "allow-notify
> {none;};" at the slave, it still receives updates from the master. The
> transfer on the master is as follows:
>
> allow-transfer {192.168.56.157;};
>
> also-notify {192.168.56.157;};
>
> notify explicit;"
>
>
>
> PS. BIND version : 9.16.48
>
>
>
> Regards Sami
>
> Orange Restricted
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to