[dns-operations] the slave verify the notify IP
Mark Andrews
marka at isc.org
Fri Dec 13 03:47:52 UTC 2013
In message <52A93EF9.2030600 at bluerosetech.com>, Darren Pilgrim writes:
> On 12/11/2013 2:09 AM, Dnsbed Ops wrote:
> > Does the slave verify the notify IP?
> > When the master sends a notify to slaves, does the slave make sure it is
> > from the correct master IP?
>
> That's implementation specific, but usually yes. It's mostly
> meaningless, however, since notify messages can arrive over UDP. Use
> signed notifies if you want to restrict who can send notifies to your
> slaves.
Its point is to stop the server from initiating refresh processing
unless the message comes from a configured master. This doesn't
have to be a perfect filter. The serial in the SOA record (if
present) is just a hint as to whether you should start refresh
processing or not.
Notify doesn't stop normal refresh processing occurring. It can
just speed it up.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
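
An added sketch of the secondary-side decision described in the message above; it is not part of the original post and is not BIND's code. The function names are hypothetical and the addresses and serials are constructed sample values from documentation ranges. It shows why the source check only needs to be a coarse filter: the serial in a NOTIFY is only a hint, and the zone is transferred only after the secondary's own SOA query to a configured master.

```python
import ipaddress

# Constructed sample values: masters configured on this secondary.
CONFIGURED_MASTERS = {
    ipaddress.ip_address("192.0.2.1"),
    ipaddress.ip_address("2001:db8::1"),
}


def serial_gt(a, b):
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    diff = (a - b) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


def handle_notify(src_ip, local_serial, hinted_serial=None,
                  masters=CONFIGURED_MASTERS):
    """Decide what one incoming NOTIFY does on the secondary.

    The source address check is a coarse filter (UDP sources can be
    spoofed), so the only thing a NOTIFY can ever do is start refresh
    processing earlier than the SOA refresh timer would.
    """
    if ipaddress.ip_address(src_ip) not in masters:
        return "ignore"
    # The SOA serial carried in the NOTIFY is optional and only a hint.
    if hinted_serial is not None and not serial_gt(hinted_serial, local_serial):
        return "no-refresh-needed"
    return "start-refresh"


def refresh_outcome(local_serial, serial_from_master):
    """Refresh processing: the secondary itself queries a configured master
    for the SOA and transfers the zone only if that serial is newer.
    The serial from the NOTIFY is not used here."""
    if serial_gt(serial_from_master, local_serial):
        return "transfer"
    return "up-to-date"
```

A forged NOTIFY that passes the address filter with an inflated serial therefore costs one SOA query: `refresh_outcome` still compares against what the configured master actually serves.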