RE: transfert master slave

[sami . rahal]

It's clearer now, thank you Greg
Sami

De : Greg Choules <gregchoules+bindus...@googlemail.com>
Envoyé : lundi 25 mars 2024 12:52
À : RAHAL Sami SOFRECOM <sami.ra...@sofrecom.com>
Cc : ML BIND Users <bind-users@lists.isc.org>
Objet : Re: transfert master slave

Hi Sami.
"allow-..." statements are to restrict from which sources *this* server will 
accept messages, of whichever type.
On the secondary (slave), "allow-notify {192.168.56.154;};" will permit it to 
process NOTIFY messages sent to it from the primary (master), but ignore any 
others. Actually, this is not necessary because it would do that anyway. See 
the ARM description for this statement - 
https://bind9.readthedocs.io/en/latest/reference.html#namedconf-statement-allow-notify

NOTIFY messages from the primary will reach the secondary server and be 
processed because the primary is listed in an NS record in the zone. As Mark 
says, you cannot stop this. You could test sending NOTIFY from a third server 
that is *not* listed as an NS for the zone.

On the primary you do not need allow-transfer {192.168.56.157;}; as the primary 
is not transferring *from* the secondary.
You probably also don't need also-notify {192.168.56.157;}; if the secondary 
has an NS record in the zones it will be transferring, which it should.

Hope that helps.
Greg

On Mon, 25 Mar 2024 at 11:34, 
<sami.ra...@sofrecom.com<mailto:sami.ra...@sofrecom.com>> wrote:
Hello community,
I'm trying to configure a DNS slave server (192.168.56.157) . I want to allow 
notifications only from the master (192.168.56.154). I added the directive 
"allow-notify {192.168.56.154;};" and it works. However, when I try to test the 
prohibition of notification by adding "allow-notify {none;};" at the slave, it 
still receives updates from the master. The transfer on the master is as 
follows:
allow-transfer {192.168.56.157;};
also-notify {192.168.56.157;};
notify explicit;"

PS. BIND version : 9.16.48

Regards Sami
Orange Restricted

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users