Re: Support for NAT in Bind?

To: Debian ISP Mailing List <debian-isp@lists.debian.org>
Subject: Re: Support for NAT in Bind?
From: Craig Sanders <cas@taz.net.au>
Date: Fri, 20 Apr 2007 23:42:08 +1000
Message-id: <20070420134208.GA9534@taz.net.au>
In-reply-to: <20070420105243.GA9675@kufelek>
References: <20070420105243.GA9675@kufelek>

On Fri, Apr 20, 2007 at 11:52:43AM +0100, Marcin Owsiany wrote:
> How do I let bind know that Y NATs to B, so that it won't send a
> spurious NOTIFY to itself in (5)?
> 
> Also, it would be nice to somehow make master send NOTIFY to B instead
> of Y in (1), so that I can keep the communication inside the LAN.

use the "notify" and "also-notify" options in your zone definition, or
in your global options.


from named.conf(5):

     notify
       If yes (the default), DNS NOTIFY messages are sent when a zone
       the server is authoritative for changes.  The use of NOTIFY speeds
       convergence between the master and its slaves.  Slave servers that
       receive a NOTIFY message and understand it will contact the master
       server for the zone and see if they need to do a zone transfer, and if
       they do, they will initiate it immediately.  If explicit, the DNS
       NOTIFY messages will only be sent to the addresses in the also-notify
       list.  The notify option may also be specified in the zone statement, in
       which case it overrides the options notify statement.


     also-notify
       Defines a global list of IP addresses that also get sent NOTIFY
       messages whenever a fresh copy of the zone is loaded. This helps
       to ensure that copies of the zones will quickly converge on
       ``stealth'' servers.  If an also-notify list is given in a zone
       statement, it will override the options also-notify statement.
       When a zone notify statement is set to no, the IP addresses in
       the global also-notify list will not get sent NOTIFY messages for
       that zone.  The default is the empty list (no global notification
       list).


actually, that's from the man page for bind 8 (which has better man pages than
bind 9...bind 9 has a better/bigger manual, but that doesn't replace the need
for man pages).

for bind9, you'll want to look up the manual for:


       notify notifytype;
       notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
       notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
       notify-delay seconds;
       also-notify [ port integer ] { ( ipv4_address | ipv6_address )
            [ port integer ]; ... };
       allow-notify { address_match_element; ... };


craig

-- 
craig sanders <cas@taz.net.au>

BOFH excuse #161:

monitor VLF leakage

Reply to:

Follow-Ups:
- Re: Support for NAT in Bind?
  - From: Marcin Owsiany <porridge@debian.org>

References:
- Support for NAT in Bind?
  - From: Marcin Owsiany <porridge@debian.org>

Prev by Date: Support for NAT in Bind?
Next by Date: Re: Support for NAT in Bind?
Previous by thread: Support for NAT in Bind?
Next by thread: Re: Support for NAT in Bind?
Index(es):
- Date
- Thread