OK, I fixed the root issue by introducing a forwarding zone for example.com to 
get the resolution for ns{1,2,3}.example.com from internet nameservers:

zone "example.com" IN {
    type forward;
    forwarders { 1.1.1.1; 8.8.8.8; };
};

Now, the notification can start at all, but then the notifies fail as expected 
and the notify debug log messages appear.

Issue solved, but it would be better if there had been a log message like, e.g., 
"Cannot resolve addresses of to-be-notified nameservers, notification 
impossible.".


> Sent: Wednesday, 05 January 2022 at 16:34
> From: "Hildegard Meier" <daku8...@gmx.de>
> To: "Hildegard Meier" <daku8...@gmx.de>
> Cc: bind-users@lists.isc.org
> Subject: Re: No "notify" category debug log entries anymore with Bind 9.11.3
>
> Additional difference between the old Bind 9.8.1 Host and the new Bind 9.11.3 
> Host is that the new (test) Host cannot (and shall not) reach the external 
> DNS servers that are in the SOA records of the DNS zones we host as "hidden 
> primary" and notify to the external bind hosts. (because it is only for test)
>
> It looks like because the new host cannot reach the external nameservers, 
> also the address records of the nameservers of our hosted zones (in the SOA) 
> cannot be resolved, to which the notifies go to.
>
> So if I do a "rndc notify" to force a notification of the external 
> nameservers, their IP addresses are unknown to Bind, and therefore nothing 
> can be done.
>
> So this is a logging issue, because there should be a message I think of 
> severity "info" at least, if a notify cannot be started because unknown IP 
> addresses of the nameservers to be notified.
> Instead as I have written, is just logged
> > 29-Dec-2021 12:00:33.475 notify: info: zone example.com/IN: sending 
> > notifies (serial 2021021001)
>
> and nothing more. This is insufficient, even more when in debug log level.
>
> Is there a way to exclude
> ns1.example.com
> ns2.example.com
> ns3.example.com
>
> from bind recursive resolving but give bind static A records for those names, 
> or alternatively tell bind to look in /etc/hosts for the IP addresses?
> Then I would expect the test bind host to really start the notifies to the IP 
> addresses and then the notify failure messages would appear.
>
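
A pre-flight check for the condition described in this thread, as an added example that is not part of the original messages or of BIND: it lists the nameservers a zone would notify (NS targets minus the SOA MNAME) and reports those that do not resolve. The zone text is constructed, the function names are hypothetical, and the host's system resolver is assumed to give the same answers named gets.

```python
import re
import socket

# Constructed sample zone (not from the thread); NS names follow its ns{1,2,3}.example.com.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@   3600 IN SOA hidden.example.com. hostmaster.example.com. 2021021001 3600 600 604800 3600
@   3600 IN NS  ns1.example.com.
@   3600 IN NS  ns2
    3600 IN NS  ns3.example.com.
"""

def notify_targets(zone_text):
    """Names named would NOTIFY by default: the zone's NS targets minus the SOA MNAME."""
    origin, mname, targets = ".", None, []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0]              # drop comments
        m = re.match(r"\$ORIGIN\s+(\S+)", line)
        if m:
            origin = m.group(1)
            continue
        m = re.search(r"\bIN\s+(SOA|NS)\s+(\S+)", line)
        if not m:
            continue
        name = m.group(2)
        if not name.endswith("."):                # relative name: qualify with $ORIGIN
            name = name + "." + origin.lstrip(".")
        name = name.lower()
        if m.group(1) == "SOA":
            mname = name
        elif name not in targets:
            targets.append(name)
    return [t for t in targets if t != mname]

def system_resolver(name):
    """Assumption: the host's stub resolver sees what named sees (resolv.conf -> local named)."""
    try:
        infos = socket.getaddrinfo(name.rstrip("."), 53, proto=socket.IPPROTO_UDP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def unresolved_targets(zone_text, resolve=system_resolver):
    """NOTIFY targets with no address: the case the thread reports as producing no log line."""
    return [n for n in notify_targets(zone_text) if not resolve(n)]

if __name__ == "__main__":
    for name in unresolved_targets(SAMPLE_ZONE):
        print(f"Cannot resolve address of to-be-notified nameserver {name}")
```

Running it against each hosted zone before "rndc notify" separates "notify failed" from "notify never started because the target has no address".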

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

