
Good morning, all! Just a quick question on BIND behaviour on a RHEL machine: Current setup is 1 master, 3 slaves. When I change a record and issue a reload, the master apparently broadcasts the changes and the slaves get two updates: one from the private address of the master that is accepted, and one from the public address of the master that gets rejected. The named.conf has no provision for broadcast and is specifically configured to notify the private address of the slaves. Any notion as to why the reload goes out the public address even though it's not configured to do so?

Thanks to all for looking!

Gregg

Gregg Hughes

1 Answer


By default, using notify will automatically send the update to name servers listed in the zone. You likely have the public IP address for the server listed within the zone which is going through the firewall and NATing before going back to the server.

You can change this behavior by setting the global (or per-zone) option of notify explicit; and then specifying only the IPs you want to send the updates to in an also-notify statement.

Reference in the BIND 9 documentation

  • Hello, Yoonix! I'm a bit confused. The public IPs aren't listed in the servers statement, and not in the also-notify statement as well. That's why I'm confused..... – Gregg Hughes May 26 '16 at 21:24
  • Right, they're listed as NS records inside the zone that gets updated. Default behavior sends NOTIFY to all the NS records in the zone as well as those listed in also-notify. That's where the 'also' comes from. notify explicit disables this behavior. –  May 26 '16 at 22:07
  • Thanks for the update. The NS records in the zone are listed as DNS names, not IP addresses. The names resolve to the private IP address. Perhaps the best course would be to change to explicit notify rather than also-notify in named.conf. Yes?? – Gregg Hughes May 31 '16 at 14:45
  • Not rather than, including. Setting notify explicit, then setting also-notify means it only notifies those listed in the auto-notify. –  May 31 '16 at 17:36
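
The change discussed in the answer and comments above, shown as a named.conf fragment. This is an added example, not part of the original thread; the zone name, file path and 10.0.0.x slave addresses are constructed placeholders.

```conf
// Constructed example: "example.com", the zone file path and the
// 10.0.0.x addresses are placeholders for the real zone and the
// slaves' private addresses.

// Before: notify is left at its default. NOTIFY messages go to the
// servers named in the zone's NS records AND to the also-notify list,
// so a slave can be notified over more than one path.
//
// zone "example.com" {
//     type master;
//     file "example.com.zone";
//     also-notify { 10.0.0.11; 10.0.0.12; 10.0.0.13; };
// };

// After: notify explicit stops BIND from deriving targets from the NS
// records. Only the addresses in also-notify receive a NOTIFY.
zone "example.com" {
    type master;
    file "example.com.zone";
    notify explicit;
    also-notify { 10.0.0.11; 10.0.0.12; 10.0.0.13; };
};

// notify explicit can instead be set once in the global options block
// to apply to every zone, as the answer notes:
//
// options {
//     notify explicit;
// };
```

Run named-checkconf before reloading, then watch the slaves' logs after the next zone change to confirm that each one receives a single NOTIFY from the master's private address.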