[dns-operations] the slave verify the notify IP

Mark Andrews marka at isc.org
Fri Dec 13 03:47:52 UTC 2013

In message <52A93EF9.2030600 at bluerosetech.com>, Darren Pilgrim writes:
> On 12/11/2013 2:09 AM, Dnsbed Ops wrote:
> > Does the slave verify the notify IP?
> > When the master send a notify to slaves, does the slave make sure it is
> > from the correct master IP?
> That's implementation specific, but usually yes.  It's mostly 
> meaningless, however, since notify messages can arrive over UDP.  Use 
> signed notifies if you want to restrict who can send notifies to your 
> slaves.

It's point is to stop the server from initiating refresh processing
unless the message comes from a configured master.  This doesn't
have to be a perfect filter.  The serial in the SOA record (if
present) is just a hint as to whether you should start refresh
processing or not.

Notify doesn't stop normal refresh processing occuring.  It can
just speed it up.

> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list