BIND9 sends notify for slave zones, but why?
Our BIND9 installations (on 141.42.1.11, 2.22, 3.33 and 196.196) are slaves for the zone vdi.charite.de:
29-Dec-2016 14:28:31.082 general: zone vdi.charite.de/IN: notify from 10.32.32.51#53930: serial 13301424
29-Dec-2016 14:28:31.085 general: zone vdi.charite.de/IN: Transfer started.
29-Dec-2016 14:28:31.144 general: zone vdi.charite.de/IN: transferred serial 13301424
And although all of our internal DNS servers are only slaves for the vdi zone, we still see notifies from the other slaves:
29-Dec-2016 14:28:31.623 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.2.22#36708
29-Dec-2016 14:28:31.637 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.3.33#59869
29-Dec-2016 14:28:31.639 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.196.196#37013
Why? And how can I turn that off?
Zone definition:
zone "vdi.charite.de" {type slave; file "vdi.charite.de"; masters { 10.32.32.51; 10.47.120.201; }; };
Our options include:
notify yes; // send DNS NOTIFY
This is expected behaviour, from the BIND 9 Administrator Reference Manual:
Page 15:
DNS NOTIFY is a mechanism that allows master servers to notify their
slave servers of changes to a zone’s data.
And
As a slave zone can also be a master to other slaves, named, by
default, sends NOTIFY messages for every zone it loads. Specifying
notify master-only; will cause named to only send NOTIFY for master zones that it loads.
Page 88 has more details:
notify
If yes (the default), DNS NOTIFY messages are sent when a zone the
server is authoritative for changes, see Section 4.1. The messages are
sent to the servers listed in the zone’s NS records (except the master
server identified in the SOA MNAME field), and to any servers listed
in the also-notify option.
If master-only, notifies are only sent for master zones.
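The following is an added example, not part of the original question or answer: a small log triage that separates the expected peer-slave NOTIFY noise described above from NOTIFY messages sent by addresses that are neither a configured master nor a known slave. The address sets are taken from the question; the last sample log line and the verdict names are constructed for illustration.

```python
import re
from collections import Counter

# From the question: the zone's masters list and the servers holding it as slaves.
MASTERS = {"10.32.32.51", "10.47.120.201"}
SLAVES = {"141.42.1.11", "141.42.2.22", "141.42.3.33", "141.42.196.196"}

# Matches accepted ("notify from IP#port") and refused
# ("refused notify from non-master: IP#port") named log entries.
NOTIFY_RE = re.compile(
    r"zone (?P<zone>\S+)/IN: (?P<refused>refused )?notify from "
    r"(?:non-master: )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
)

# First six lines are from the question; the last line is constructed
# (192.0.2.77 is a documentation address) to show an unexpected sender.
SAMPLE_LOG = """\
29-Dec-2016 14:28:31.082 general: zone vdi.charite.de/IN: notify from 10.32.32.51#53930: serial 13301424
29-Dec-2016 14:28:31.085 general: zone vdi.charite.de/IN: Transfer started.
29-Dec-2016 14:28:31.144 general: zone vdi.charite.de/IN: transferred serial 13301424
29-Dec-2016 14:28:31.623 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.2.22#36708
29-Dec-2016 14:28:31.637 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.3.33#59869
29-Dec-2016 14:28:31.639 general: zone vdi.charite.de/IN: refused notify from non-master: 141.42.196.196#37013
29-Dec-2016 14:30:02.101 general: zone vdi.charite.de/IN: refused notify from non-master: 192.0.2.77#40112
"""

def classify(line):
    """Return (zone, ip, verdict) for a NOTIFY log line, or None for other lines."""
    m = NOTIFY_RE.search(line)
    if m is None:
        return None
    ip, refused = m.group("ip"), bool(m.group("refused"))
    if ip in MASTERS and not refused:
        verdict = "master"        # legitimate NOTIFY that triggers a transfer
    elif ip in SLAVES and refused:
        verdict = "peer-slave"    # fellow slave running with "notify yes"
    else:
        verdict = "investigate"   # unknown sender, or an unexpected combination
    return m.group("zone"), ip, verdict

def triage(log_text):
    """Count verdicts and list the source addresses that need a closer look."""
    counts, suspects = Counter(), []
    for zone, ip, verdict in filter(None, map(classify, log_text.splitlines())):
        counts[verdict] += 1
        if verdict == "investigate":
            suspects.append(ip)
    return counts, suspects
```

Once the slaves run with `notify master-only;`, the `peer-slave` count should drop to zero, so any remaining refused NOTIFY entries come from senders worth checking.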