
Re: Support for NAT in Bind?



On Fri, Apr 20, 2007 at 11:52:43AM +0100, Marcin Owsiany wrote:
> How do I let bind know that Y NATs to B, so that it won't send a
> spurious NOTIFY to itself in (5)?
> 
> Also, it would be nice to somehow make master send NOTIFY to B instead
> of Y in (1), so that I can keep the communication inside the LAN.

use the "notify" and "also-notify" options in your zone definition, or
in your global options.


from named.conf(5):

     notify
       If yes (the default), DNS NOTIFY messages are sent when a zone
       the server is authoritative for changes.  The use of NOTIFY speeds
       convergence between the master and its slaves.  Slave servers that
       receive a NOTIFY message and understand it will contact the master
       server for the zone and see if they need to do a zone transfer, and if
       they do, they will initiate it immediately.  If explicit, the DNS
       NOTIFY messages will only be sent to the addresses in the also-notify
       list.  The notify option may also be specified in the zone statement, in
       which case it overrides the options notify statement.


     also-notify
       Defines a global list of IP addresses that also get sent NOTIFY
       messages whenever a fresh copy of the zone is loaded. This helps
       to ensure that copies of the zones will quickly converge on
       ``stealth'' servers.  If an also-notify list is given in a zone
       statement, it will override the options also-notify statement.
       When a zone notify statement is set to no, the IP addresses in
       the global also-notify list will not get sent NOTIFY messages for
       that zone.  The default is the empty list (no global notification
       list).


actually, that's from the man page for bind 8 (which has better man pages than
bind 9...bind 9 has a better/bigger manual, but that doesn't replace the need
for man pages).

for bind9, you'll want to look up the manual for:


       notify notifytype;
       notify-source ( ipv4_address | * ) [ port ( integer | * ) ];
       notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ];
       notify-delay seconds;
       also-notify [ port integer ] { ( ipv4_address | ipv6_address )
            [ port integer ]; ... };
       allow-notify { address_match_element; ... };


craig

-- 
craig sanders <cas@taz.net.au>

BOFH excuse #161:

monitor VLF leakage
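
Added example, not part of the original message: a named.conf sketch of the advice above for BIND 9, assuming the master and the slave B sit on the same LAN and the slave's NS record resolves to the NAT address Y. The zone name, file names and 192.168.1.x addresses are constructed placeholders.

```conf
// ---- master (assumed LAN address 192.168.1.10, constructed) ----
zone "example.com" {                   // placeholder zone name
    type master;
    file "db.example.com";             // hypothetical file name

    // "explicit": NOTIFY goes only to the also-notify list, not to the
    // addresses derived from the zone's NS records (so nothing is sent to Y).
    notify explicit;

    // B, the slave's LAN address (constructed); NOTIFY stays inside the LAN.
    also-notify { 192.168.1.20; };
};

// ---- slave B (assumed LAN address 192.168.1.20, constructed) ----
zone "example.com" {
    type slave;
    file "slave/db.example.com";       // hypothetical file name
    masters { 192.168.1.10; };         // NOTIFY from listed masters is accepted
                                       // without an allow-notify entry

    // With the default "notify yes" a slave also notifies the servers named
    // in the NS records after a transfer; one of those is Y, which NATs back
    // to this host. "no" stops that self-addressed NOTIFY.
    notify no;
};
```

If other servers must still hear from the slave, use `notify explicit;` with an `also-notify` list on the slave instead of `notify no;`.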


