Bind master slave not updating

When we provision a master server with a new zone we must update all slave servers and inform them of the existence of this new zone and which addresses the master servers for the zone have. Unless you are using PowerDNS with MySQL or PostgreSQL replication (which is off topic for this discussion), this is a procedure that is normally done manually. (Requirements for the Nameserver Communication protocol) I’m not aware of something that can be used out of the box.

The method I propose, and for which I include a prototypical proof of concept (which is working very nicely in my portable data center), can be used to provision BIND slaves and NSD slaves from any server which is capable of sending a DNS NOTIFY to its slaves. (And I refuse to abstain from using the terms master/slave.)

A small utility called runs on the slave servers alongside BIND or NSD and, on a different port number, listens for NOTIFY requests. As soon as it receives a NOTIFY, it checks a local database (simplistically implemented as a file on the file system in this PoC) to see whether it knows of the zone. If it doesn’t, it launches an external command to add the zone to the particular brand of name server.

Verify that zones for which the secondary server is authoritative are configured to notify other authorized secondary name servers when a zone file update has been received from the master name server for the zone. Inspect the "named.conf" file for the following:

    zone {
        notify explicit;
        also-notify ;
    };

If an "address match list" is used, verify that each IP address listed is an authorized secondary name server for that zone.

If the "notify" statement is set to "yes", this is a finding.

If the "also-notify" statement is missing, this is a finding.

The idea is that the primary master may not be able to notify all of the slave name servers for the zone itself, since it's possible some slaves can't communicate directly with the primary master (they use another slave as their master).

Older BIND 8 slaves don't send NOTIFY messages unless explicitly configured to do so.

The serial number used in the SOA record provides the DNS administrator a method to verify the integrity of the zone file based on the serial number of the last update and ensure that all slave servers are using the correct zone file.

When a primary master name server notices that the serial number of a zone has changed, it sends a special announcement to all of the slave name servers for that zone.
