Hello,

In our massive corporate setup with hundreds of BIND servers all around the planet, we have some "funny" configurations (please don't ask why :)) that seem to be actually working just fine, but I would like to understand whether this is actually a supported setup, or whether they just work by accident or due to some kind of bug.

We have some DNS servers which have some network limitations (mostly firewalls) that allow communication only in certain directions. Imagine this setup with 3 DNS servers:

* A: is a master for zone test.org, can talk to B only

* B: is a slave for zone test.org, can talk to A and C

* C: is a slave for zone test.org, can talk only to B

What we do is this:

* A is a real master, but can't reach C, so it allows zone transfer to B and also sends NOTIFY to B.

* B is a slave to A, but master to C; it also has also-notify for C, despite not really being a master.

* C is a slave to B

So when someone changes the zone on A via nsupdate, the NOTIFY and subsequent IXFR go like this: A -> B -> C instead of:

A -> B

   -> C

Which would be the case in a more "correct setup".

What confuses me, however, is that I just found this in the BIND documentation at: https://www.zytrax.com/books/dns/ch7/xfer.html#also-notify

"The *also-notify* statement is relevant only with master zones..."

If also-notify works only with master zones, then why does this work? Is it even supposed to work? Is this a supported configuration at all?


Thanks for clearing this up

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
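
The chained A -> B -> C layout described in the message, written out as named.conf zone statements with transfers limited to the one neighbour each server can reach. This is an added example, not configuration from the original post: the 192.0.2.x addresses and file names are placeholders, and the `notify explicit` and `allow-transfer` settings are assumptions about how the firewall constraints would be mirrored in BIND.

```conf
// ---- Server A (192.0.2.1, placeholder): real master, can reach B only ----
zone "test.org" {
    type master;
    file "master/test.org.db";         // hypothetical path
    // dynamic update policy for nsupdate omitted here
    notify explicit;                   // NOTIFY only the also-notify list, not every NS
    also-notify { 192.0.2.2; };        // B
    allow-transfer { 192.0.2.2; };     // only B may pull the zone
};

// ---- Server B (192.0.2.2, placeholder): slave of A, transfer source for C ----
zone "test.org" {
    type slave;
    masters { 192.0.2.1; };            // A
    file "slave/test.org.db";          // hypothetical path
    notify explicit;                   // the setting in question: NOTIFY from a slave zone
    also-notify { 192.0.2.3; };        // C
    allow-transfer { 192.0.2.3; };     // only C may pull the zone
};

// ---- Server C (192.0.2.3, placeholder): slave of B, end of the chain ----
zone "test.org" {
    type slave;
    masters { 192.0.2.2; };            // B, not A
    file "slave/test.org.db";          // hypothetical path
    notify no;                         // nothing downstream to notify
    allow-transfer { none; };          // nobody pulls from C
};
```

Each fragment passes `named-checkconf` when placed in that server's own named.conf; comparing SOA serials with `dig +short SOA test.org @<server>` on A, B and C after an update shows whether the change travelled the whole chain.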
