domain-name-system – Hidden DNS master only sends notifies to one slave

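My hidden DNS master only sends notifies to one of the zone's name servers.
I have 3 name servers, ns0, ns1 & ns2, all running BIND 9.7.3.dfsg-1ubuntu4.1.

When processing updates, the master (ns0) appears to be functioning correctly.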

ns0(192.168.2.50)

zone domain.org/IN: sending notifies (serial 2012060703)
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR started: TSIG rndc-key
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR ended

ns2(192.168.2.52)

client 192.168.2.50#3762: received notify for zone 'domain.org': TSIG 'rndc-key'
zone domain.org/IN: Transfer started.
transfer of 'domain.org/IN' from 192.168.2.50#53: connected using 192.168.2.52#55747
zone domain.org/IN: transferred serial 2012060704: TSIG 'rndc-key'
transfer of 'domain.org/IN' from 192.168.2.50#53: Transfer completed: 1 messages,34 records,1028 bytes,0.001 secs (1028000 bytes/sec)

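Nothing happens on ns1.
I have turned up the logging level, but there is nothing in syslog about the actual name servers BIND sends notifies to, so I guess this is something it does not log.

I also tried looking at tcpdump; it never attempts to notify ns1, only ns2.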

192.168.2.50.56278 > 192.168.2.52.53: [udp sum ok] 56418 notify [b2&3=0x2400] [1a] [1au]
SOA? domain.org. domain.org. [0s] SOA ns1.domain.net. dnsmaster.domain.net.
2012060801 10800 3600 604800 3600 ar: rndc-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=56418 error=0 otherlen=0 (174)

The authoritative zone has NS records for ns1 and ns2:

$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801  ; Serial yyyymmddnn
        3h  ; Refresh After 3 hours
        1h  ; Retry Retry after 1 hour
        1w  ; Expire after 1 week
        1h )    ; Minimum negative caching of 1 hour

@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.

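// Edit

Adding notify {192.168.2.51; 192.168.2.52;}; explicitly to the zone file, it all works fine; both ns1 and ns2 get the notify messages and the transfers succeed.

I was under the impression BIND would automatically send notifies to all NS records on the zone, maybe it is bugged?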

Solution

Have you tried this?

notify-to-soa yes;

From the BIND 9 configuration reference:

notify-to-soa

If yes do not check the nameservers in the NS RRset against the SOA MNAME. Normally a NOTIFY message is not sent to the SOA MNAME (SOA ORIGIN) as it is supposed to contain the name of the ultimate master. Sometimes, however, a slave is listed as the SOA MNAME in hidden master configurations and in that case you would want the ultimate master to still send NOTIFY messages to all the nameservers listed in the NS RRset.
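
The rule quoted above, applied to the zone from the question. This is an added example, not code from the original post or from BIND: a small Python model of the documented selection rule (NS RRset minus the SOA MNAME, unless notify-to-soa is set). The function names `parse_zone` and `notify_targets` are hypothetical, and the SOA timers are condensed onto one line.

```python
import re

# Zone data from the question (SOA timers condensed; they do not affect NOTIFY).
ZONE = """\
$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801 3h 1h 1w 1h )
@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.
"""

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing dot."""
    return name.rstrip(".").lower()

def parse_zone(text):
    """Return (SOA MNAME, list of apex NS targets) from a simple zone file."""
    mname, ns = None, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]              # strip zone-file comments
        soa = re.search(r"\bSOA\s+(\S+)", line)
        if soa:
            mname = norm(soa.group(1))            # first SOA field is the MNAME
            continue
        rec = re.match(r"@\s+(?:\d+\s+)?(?:IN\s+)?NS\s+(\S+)", line)
        if rec:
            ns.append(norm(rec.group(1)))
    return mname, ns

def notify_targets(mname, ns, notify_to_soa=False, also_notify=()):
    """Model of the documented rule: every NS target except the SOA MNAME
    (kept when notify-to-soa is yes), followed by any also-notify addresses."""
    targets = [n for n in ns if notify_to_soa or n != mname]
    return targets + list(also_notify)

if __name__ == "__main__":
    mname, ns = parse_zone(ZONE)
    print("SOA MNAME:        ", mname)
    print("default notify:   ", notify_targets(mname, ns))
    print("notify-to-soa yes:", notify_targets(mname, ns, notify_to_soa=True))
```

With the zone as posted, the SOA MNAME is ns1.domain.net, so the default target list contains only ns2, which matches the tcpdump capture in the question.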
