Ah ha!

Now this was the option I was looking for.  Tell BIND to also notify
the SOA MNAME server, since it's not the true master feeding the zones.

Looks like this first appeared in BIND 9.5, and OpenBSD 4.9 still
ships 9.4.2. :(

Thanks for the tip, Chris, I didn't know such an option existed.

Cheers,
Jonathan

On Thu, Oct 27, 2011 at 11:57, Chris Thompson <c...@cam.ac.uk> wrote:
> On Oct 27 2011, Kevin Darcy wrote:
>
>> On 10/27/2011 11:02 AM, Jonathan Stewart wrote:
>>>
>>> Hello,
>>>
>>> Recently I set up a group of nameservers using a hidden master,
>>> visible slaves configuration.
>>>
>>> ns0 - hidden master
>>> ns1, ns2, ns3 - visible slave servers
>>>
>>> So I set the SOA and NS records like this
>>>
>>> zone.example  IN SOA ns1.zone.example. hostmaster.example.com (
>>>      1            ; serial number
>>>      3600         ; refresh   [1h]
>>>      600          ; retry     [10m]
>>>      86400        ; expire    [1d]
>>>      3600 )
>>>
>>>       IN NS  ns1.zone.example
>>>       IN NS  ns2.zone.example
>>>       IN NS  ns3.zone.example
>>>
>>>
>>> Thus, the hidden master, ns0, does not appear in the SOA or NS records.
>>>
>>> The problem is that NOTIFY messages do not get delivered to ns1,
>>> because it's the primary server in the SOA record.  If I change the
>>> SOA to have ns0, then NOTIFYs work, ns1 updates immediately.  I don't
>>> like this solution because my hidden master is no longer hidden when
>>> I'm publishing it in the SOA.
>>>
>>> Also, is this normal/expected behaviour?  How can I get ns0 (and the
>>> others) to NOTIFY ns1 when the serial is incremented?  Must I use an
>>> explicit {also-notify} ?
>>
>> Why not put something completely different -- i.e. neither the hidden
>> master nor any of the published NSes -- in the SOA.MNAME? Besides NOTIFY,
>> about the only other thing that cares about SOA.MNAME is Dynamic Update, and
>> that usually requires special handling in a hidden-master scenario anyway...
>
> Alternatively, specify "notify-to-soa yes;" in named.conf. See the ARM:
>
> | notify-to-soa
> |
> |   If yes do not check the nameservers in the NS RRset against the
> |   SOA MNAME. Normally a NOTIFY message is not sent to the SOA MNAME
> |   (SOA ORIGIN) as it is supposed to contain the name of the ultimate
> |   master. Sometimes, however, a slave is listed as the SOA MNAME in
> |   hidden master configurations and in that case you would want the
> |   ultimate master to still send NOTIFY messages to all the nameservers
> |   listed in the NS RRset.
> --
> Chris Thompson
> Email: c...@cam.ac.uk
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>



-- 
     Jonathan
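
The two ways raised in this thread of getting the hidden master to NOTIFY ns1, written out as an added named.conf example that is not part of the original messages. The IP addresses (documentation range 192.0.2.0/24) and the file paths are constructed placeholders; the server names follow the thread.

```conf
// ---- ns0 (hidden master), named.conf ----
// Constructed addresses: ns0 = 192.0.2.10, ns1 = 192.0.2.1,
// ns2 = 192.0.2.2, ns3 = 192.0.2.3

zone "zone.example" {
    type master;
    file "master/zone.example";        // hypothetical path
    notify yes;                        // NOTIFY the servers in the NS RRset

    // Option A, BIND 9.5 and later:
    // do not skip the NS entry that matches the SOA MNAME (ns1).
    notify-to-soa yes;

    // Option B, BIND 9.4.x (no notify-to-soa): use instead of option A.
    // Name the skipped slave explicitly by address.
    // also-notify { 192.0.2.1; };

    // Assumption, not from the thread: only the visible slaves
    // may transfer the zone from the hidden master.
    allow-transfer { 192.0.2.1; 192.0.2.2; 192.0.2.3; };
};

// ---- ns1 (visible slave, listed as SOA MNAME), named.conf ----

zone "zone.example" {
    type slave;
    file "slave/zone.example";         // hypothetical path
    masters { 192.0.2.10; };           // ns0; NOTIFY from a listed master
                                       // is accepted by default
};
```

After changing ns0, bump the serial and reload the zone, then confirm on ns1 that the new serial arrives without waiting for the refresh interval.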