DekGenius.com
I l@ve RuBoard Previous Section Next Section

3.14 Limiting NOTIFY Messages

3.14.1 Problem

You want to limit the NOTIFY messages your zone's name servers send to the bare minimum. Unfortunately, by default, your zone's primary master name server will send NOTIFY messages to all of the zone's slaves, and the slaves will send NOTIFY messages to each other. (This behavior is intended to deal with slave name servers that get their zone transfers from other slaves.)

3.14.2 Solution

Turn NOTIFY off on the slave name servers, or configure those slaves that act as master name servers to notify only the slaves that transfer from them.

Turning NOTIFY off is simple. Use the notifysubstatement, either within a zonestatement (to turn off NOTIFY messages for just that zone):

zone "foo.example" {
    type slave;
    masters { 192.168.0.1; };
    file "bak.foo.example";
    notify no;
};

Or within the optionsstatement, to make not sending NOTIFY messages the default for this name server:

options {
    directory "/var/named";
    notify no;
};

To limit NOTIFY messages to just an explicit list of name servers, use the notify explicitsubstatement and define the list of name servers in an also-notifysubstatement:

zone "foo.example" {
    type slave;
    masters { 192.168.0.1; };
    file "bak.foo.eample";
    notify explicit;
    also-notify { 192.168.0.3; };
};

notify explicit is supported in BIND 9.1.0 and later, and BIND 8.3.2 and later.

Of course, notify explicitalso works as an options statement.

3.14.3 Discussion

The authoritative name servers for a zone "discover" which other name servers to notify from the zone's NS records. Normally, all of the zone's authoritative name servers are listed in the NS records, including the primary master and all of the slaves. If the primary master is listed in the MNAME (first RDATA) field of the zone's SOA record, the slaves won't notify it of changes. They will send NOTIFY messages to each other, though.

Though each NOTIFY message is relatively small, a change to a zone with a lot of name servers can trigger a blizzard of messages, as each slave name server tells every other slave that the zone has changed. Slaves ignore NOTIFY messages that don't come from their master name servers, so most of this traffic is wasted. It reminds me of sitting in the back of the car with my sister:

Mom: You two be quiet!

Me: Yeah, shut up.

Sis: No, you shut up.

Since my sister never listened to me and I never listened to my sister, there wasn't much point in our telling each other to shut up. My mother, of course, needed to tell both of us, or else we never would have shut up.

3.14.4 See Also

Section 3.13 for the use of also-notify and "DNS NOTIFY (Zone Change Notification)" in Chapter 10 of DNS and BIND.

    I l@ve RuBoard Previous Section Next Section