[dns-operations] BIND, Knot and NSD behaviour when serial number goes backwards
Paul Vixie
paul at redbarn.org
Mon Feb 20 16:43:51 UTC 2017
Shane Kerr wrote:
...
> ... not all servers use TSIG to
> secure NOTIFY (indeed I vaguely remember BIND 9 not supporting TSIG on
> NOTIFY packets, although I see ways to configure it in the BIND 9 ARM
> now). So while the serial version in a NOTIFY packet might be a
> helpful hint, ...
there is no need for tsig in notify.
signed or not it's only a hint. an SOA query still has to be made.
the serial# in a NOTIFY will often be out of date by the time an IXFR
can start.
--
P Vixie
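The handling described in this reply, as an added sketch that is not part of the original message and is not code from BIND, Knot or NSD: the secondary uses NOTIFY only as a trigger, ignores the serial it carries and whether it was signed, and decides from its own SOA query using RFC 1982 serial arithmetic. `Secondary`, `on_notify` and the `query_primary_soa` callback are hypothetical names, and the scenarios at the bottom are constructed.

```python
# Added illustration; Secondary, on_notify and query_primary_soa are hypothetical names.
MOD = 1 << 32          # SOA serials are 32-bit
HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982 comparison: True when serial a is newer than serial b."""
    diff = (a - b) % MOD
    return diff != 0 and diff < HALF   # a difference of exactly 2^31 is undefined


class Secondary:
    def __init__(self, zone, local_serial, query_primary_soa):
        self.zone = zone
        self.local_serial = local_serial
        # Callable(zone) -> serial, standing in for an SOA query sent to the
        # configured primary (assumption: the transport is out of scope here).
        self.query_primary_soa = query_primary_soa

    def on_notify(self, notify_serial=None, tsig_ok=False):
        """Handle a NOTIFY. Its serial and signature state never decide anything."""
        del notify_serial, tsig_ok          # hint only: deliberately unused
        current = self.query_primary_soa(self.zone)
        if serial_gt(current, self.local_serial):
            return ("transfer", current)    # start IXFR/AXFR toward `current`
        if serial_gt(self.local_serial, current):
            # Primary is behind us; what to do next is a policy choice per server.
            return ("primary-serial-behind", current)
        return ("up-to-date", current)


if __name__ == "__main__":
    # Constructed scenario: NOTIFY claims 101, primary has moved on to 103.
    sec = Secondary("example.test.", 100, lambda zone: 103)
    print(sec.on_notify(notify_serial=101))            # ('transfer', 103)
    # Constructed scenario: unsigned NOTIFY with an inflated serial, primary unchanged.
    sec = Secondary("example.test.", 100, lambda zone: 100)
    print(sec.on_notify(notify_serial=4000000000))     # ('up-to-date', 100)
```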