[sf-lug] (forw) linuxmafia.com 2015-12-28 00:02 System Events (sf-lug.{org, com}. DNS)

Michael Paoli Michael.Paoli at cal.berkeley.edu
Fri Feb 19 02:36:23 PST 2016


Rick,

The annoyance factor of notifies from 198.144.194.235 (non-master)
for sf-lug.{com,org} zones should now be gone.  The data and summary
bits from the logs, further below, should show the last such notifies
you would have received - there should be no more of those.

I'm quite certain the rationale of BIND9's default of sending notifies to
all NS except SOA MNAME, even from slave zones, is that master/slave
is relative, and a slave has no way to know that it's not (also)
master to an NS - hence the notifies (which can also be safely ignored
if not relevant to the target sent to from that source).

Times shown below in *this* email (not necessarily in earlier included
ones/excerpts) are GMT0.

$ ip -4 a s | fgrep 198.144.194.235
     inet 198.144.194.235/29 brd 198.144.194.239 scope global br0
$ (for TLD in com info org; do dig -t NS sf-lug."$TLD". +short |
> >>/dev/null 2>&1 fgrep -i linuxmafia && echo "$TLD"; done)
com
org
$

I noticed earlier, and finally got around to tweaking ...
BIND 9 Administrator Reference Manual
    notify
           If yes (the default), DNS NOTIFY messages are sent when a zone
           the server is authoritative for changes, see the section called
           "Notify". The messages are sent to the servers listed in the
           zone's NS records (except the master server identified in the
           SOA MNAME field), and to any servers listed in the also-notify
           option.

           If master-only, notifies are only sent for master zones. If
           explicit, notifies are sent only to servers explicitly listed
           using also-notify. If no, no notifies are sent.

           The notify option may also be specified in the zone statement,
           in which case it overrides the options notify statement. It
           would only be necessary to turn off this option if it caused
           slaves to crash.

# 2>>/dev/null rcsdiff -r1.12 -r1.13 named.conf.local
49a50
>       notify master-only;
67a69
>       notify master-only;
# rlog named.conf.local | sed -ne '13,17p'
----------------------------
revision 1.13
date: 2016/02/19 09:34:30;  author: root;  state: Exp;  lines: +2 -0
sf-lug.{org,com} added notify master-only - avoid annoying some  
slave(s) (ns1.linuxmafia.com.) with non-master notifies
----------------------------
#

...
38 notifies sent for sf-lug.{org,com} between 2016
Feb 14 18:31:37 and Feb 17 09:50:07
...
Feb 19 05:28:18 tigger named[6229]: zone sf-lug.com/IN: sending notifies (serial 4162605649)
Feb 19 05:28:18 tigger named[6229]: zone sf-lug.org/IN: sending notifies (serial 1452588035)
Feb 19 09:34:39 tigger named[6229]: received control channel command 'reload'
Feb 19 09:34:39 tigger named[6229]: loading configuration from '/etc/bind/named.conf'
Feb 19 09:34:39 tigger named[6229]: reloading configuration succeeded
Feb 19 09:34:39 tigger named[6229]: reloading zones succeeded
Feb 19 09:34:39 tigger named[6229]: all zones loaded
Feb 19 09:34:39 tigger named[6229]: running
$

> From: "Rick Moen" <rick at linuxmafia.com>
> Subject: Re: (forw) linuxmafia.com 2015-12-28 00:02 System Events (sf-lug.{org,com}. DNS)
> Date: Mon, 28 Dec 2015 02:01:21 -0800

> Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
>
>> You might also get some NOTIFY from other DNS server(s) for those
>> zones - you can ignore those NOTIFY packets.
>
> Will do.  I just re-tweaked my logcheck rules, accordingly.


> From: "Michael Paoli" <Michael.Paoli at cal.berkeley.edu>
> Subject: Re: (forw) linuxmafia.com 2015-12-28 00:02 System Events (sf-lug.{org,com}. DNS)
> Date: Mon, 28 Dec 2015 01:49:30 -0800

> The master for sf-lug.com. & sf-lug.org. is 198.144.194.238
> You should pull zones from that IP (there's probably also IPv6 but the IPv4
> would be at least slightly preferable presently).
>
> You might also get some NOTIFY from other DNS server(s) for those
> zones - you can ignore those NOTIFY packets (I think you're the only
> person that's even ever noticed such :-) - or at least bothered to
> comment on it).  I may also go ahead and disable that bit ... cut down
> on the "noise".  :-)
>
>
>> From: "Rick Moen" <rick at linuxmafia.com>
>> Subject: (forw) linuxmafia.com 2015-12-28 00:02 System Events
>> Date: Mon, 28 Dec 2015 00:52:01 -0800
>
>> Hi, Michael, Jim, et al.  Is master nameserver for the sf-lug.com and
>> sf-lug.org domains still at IP address 198.144.194.238, which is where
>> my slave nameserver nsl.linuxmafia.com pulls down AXFR from?
>>
>> The reason I ask is that my nameserver keeps getting DNS NOTIFY about
>> those two domains from differing IP 198.144.194.235, as you'll see
>> below.  Is it desired that my nameserver accept NOTIFY from
>> 198.144.194.235?
>>
>>
>> ----- Forwarded message from logcheck system account <logcheck at linuxmafia.com> -----
>>
>> Date: Mon, 28 Dec 2015 00:02:02 -0800
>> From: logcheck system account <logcheck at linuxmafia.com>
>> To: root at linuxmafia.com
>> Subject: linuxmafia.com 2015-12-28 00:02 System Events
>>
>> System Events
>> =-=-=-=-=-=-=
>> Dec 27 23:07:58 linuxmafia named[12076]: client 198.144.194.235#48421: received notify for zone 'sf-lug.com'
>> Dec 27 23:07:58 linuxmafia named[12076]: zone sf-lug.com/IN: refused notify from non-master: 198.144.194.235#48421
>> Dec 27 23:07:58 linuxmafia named[12076]: client 198.144.194.235#48421: received notify for zone 'sf-lug.org'
>> Dec 27 23:07:58 linuxmafia named[12076]: zone sf-lug.org/IN: refused notify from non-master: 198.144.194.235#48421
>>
>>
>> ----- End forwarded message -----
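Added example, not code from the thread or from BIND: a small audit that does on the slave side what Rick's logcheck tuning and Michael's `notify master-only;` change address from two ends. It parses the named log lines logcheck forwarded (the "received notify" / "refused notify from non-master" pairs), tallies NOTIFY senders per zone, and compares them with the masters declared in a named.conf.local-style text; it also lists slave zones in that text that still lack `notify master-only;`, the setting Michael added on tigger. The sample log reuses the lines quoted above plus one constructed line from the real master for contrast; the config fragment, its file paths and the `example.test` master zone are constructed for the example and are not the actual linuxmafia.com or tigger configuration.

```python
"""Audit BIND NOTIFY log lines against a slave's configured masters.

Added example (not from the thread or from BIND). The log regexes follow
the wording of the named log lines quoted in the thread; the config
parser handles the plain 'zone "name" { ... };' layout of named.conf.local.
"""
import re
from collections import Counter

# Constructed sample: the first four lines are those logcheck forwarded in
# the thread; the fifth (a NOTIFY from the real master, .238) is added here.
SAMPLE_LOG = """\
Dec 27 23:07:58 linuxmafia named[12076]: client 198.144.194.235#48421: received notify for zone 'sf-lug.com'
Dec 27 23:07:58 linuxmafia named[12076]: zone sf-lug.com/IN: refused notify from non-master: 198.144.194.235#48421
Dec 27 23:07:58 linuxmafia named[12076]: client 198.144.194.235#48421: received notify for zone 'sf-lug.org'
Dec 27 23:07:58 linuxmafia named[12076]: zone sf-lug.org/IN: refused notify from non-master: 198.144.194.235#48421
Dec 28 01:15:02 linuxmafia named[12076]: client 198.144.194.238#53: received notify for zone 'sf-lug.com'
"""

# Constructed named.conf.local fragment (paths and example.test are made up):
# one slave zone already has the fix, one does not, one master zone is skipped.
SAMPLE_CONF = """\
zone "sf-lug.com" {
        type slave;
        masters { 198.144.194.238; };
        file "/var/cache/bind/sf-lug.com";
        notify master-only;
};
zone "sf-lug.org" {
        type slave;
        masters { 198.144.194.238; };
        file "/var/cache/bind/sf-lug.org";
};
zone "example.test" {
        type master;
        file "/etc/bind/db.example.test";
};
"""

RECEIVED_RE = re.compile(r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: received notify for zone '(?P<zone>[^']+)'")
REFUSED_RE = re.compile(r"zone (?P<zone>[^/ ]+)/IN: refused notify from non-master: (?P<ip>[0-9a-fA-F.:]+)#\d+")
ZONE_OPEN_RE = re.compile(r'zone\s+"(?P<name>[^"]+)"[^{]*\{')
MASTERS_RE = re.compile(r"masters\s*\{\s*(?P<ip>[0-9a-fA-F.:]+)")


def parse_zone_blocks(conf_text):
    """Return [(zone_name, body)] for each zone statement, tracking brace
    depth so nested blocks such as 'masters { ...; };' do not end the zone."""
    blocks = []
    for m in ZONE_OPEN_RE.finditer(conf_text):
        depth, i = 1, m.end()
        while i < len(conf_text) and depth:
            depth += (conf_text[i] == "{") - (conf_text[i] == "}")
            i += 1
        blocks.append((m["name"], conf_text[m.end():i - 1]))
    return blocks


def configured_masters(conf_text):
    """Map each slave zone to the first address in its masters {} list."""
    masters = {}
    for name, body in parse_zone_blocks(conf_text):
        if re.search(r"\btype\s+slave\s*;", body):
            m = MASTERS_RE.search(body)
            if m:
                masters[name] = m["ip"]
    return masters


def slave_zones_missing_master_only(conf_text):
    """Slave zones that would still send NOTIFY to the other NS (no
    'notify master-only;' in the zone statement)."""
    return [name for name, body in parse_zone_blocks(conf_text)
            if re.search(r"\btype\s+slave\s*;", body)
            and not re.search(r"\bnotify\s+master-only\s*;", body)]


def audit_notifies(log_text, masters):
    """Count NOTIFYs received/refused per (zone, sender) and list senders
    that are not the configured master for that zone."""
    received, refused = Counter(), Counter()
    for line in log_text.splitlines():
        m = RECEIVED_RE.search(line)
        if m:
            received[(m["zone"], m["ip"])] += 1
            continue
        m = REFUSED_RE.search(line)
        if m:
            refused[(m["zone"], m["ip"])] += 1
    non_master = sorted(key for key in received if masters.get(key[0]) != key[1])
    return {"received": dict(received), "refused": dict(refused),
            "non_master_sources": non_master}


if __name__ == "__main__":
    report = audit_notifies(SAMPLE_LOG, configured_masters(SAMPLE_CONF))
    for zone, ip in report["non_master_sources"]:
        print(f"{zone}: {report['received'][(zone, ip)]} NOTIFY from non-master {ip}")
    for zone in slave_zones_missing_master_only(SAMPLE_CONF):
        print(f"{zone}: slave zone without 'notify master-only;'")
```

Run against a real named log and named.conf.local, the first loop gives the same information as Rick's logcheck lines but grouped per zone and sender, so a one-off non-master sender (a sibling slave, as here) stands out from a change of master; the second loop finds the zone statements that still need the `notify master-only;` line Michael added.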
