In message <[email protected]>, Darren Pilgrim writes: > On 12/11/2013 2:09 AM, Dnsbed Ops wrote: > > Does the slave verify the notify IP? > > When the master send a notify to slaves, does the slave make sure it is > > from the correct master IP? > > That's implementation specific, but usually yes. It's mostly > meaningless, however, since notify messages can arrive over UDP. Use > signed notifies if you want to restrict who can send notifies to your > slaves.
It's point is to stop the server from initiating refresh processing unless the message comes from a configured master. This doesn't have to be a perfect filter. The serial in the SOA record (if present) is just a hint as to whether you should start refresh processing or not. Notify doesn't stop normal refresh processing occuring. It can just speed it up. > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
