[dns-operations] BIND, Knot and NSD behaviour when serial number goes backwards
paul at redbarn.org
Mon Feb 20 16:43:51 UTC 2017
Shane Kerr wrote:
> ... not all servers use TSIG to
> secure NOTIFY (indeed I vaguely remember BIND 9 not supporting TSIG on
> NOTIFY packets, although I see ways to configure it in the BIND 9 ARM
> now). So while the serial version in a NOTIFY packet might be a
> helpful hint, ...
there is no need for tsig in notify.
signed or not it's only a hint. an SOA query still has to be made.
the serial# in a NOTIFY will often be out of date by the time an IXFR
More information about the dns-operations