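domain-name-system – Hidden DNS master only sends notifies to one slave server

My hidden DNS master only sends notifies to one of the zone's name servers.
I have 3 name servers, ns0, ns1 & ns2, all running bind 9.7.3.dfsg-1ubuntu4.1.

When processing an update, the master (ns0) appears to behave correctly.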

ns0 (192.168.2.50)

zone domain.org/IN: sending notifies (serial 2012060703)
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR started: TSIG rndc-key
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR ended

ns2 (192.168.2.52)

client 192.168.2.50#3762: received notify for zone 'domain.org': TSIG 'rndc-key'
zone domain.org/IN: Transfer started.
transfer of 'domain.org/IN' from 192.168.2.50#53: connected using 192.168.2.52#55747
zone domain.org/IN: transferred serial 2012060704: TSIG 'rndc-key'
transfer of 'domain.org/IN' from 192.168.2.50#53: Transfer completed: 1 messages, 34 records, 1028 bytes, 0.001 secs (1028000 bytes/sec)

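Nothing happens on ns1.
I have turned up the logging level, but there is nothing in syslog about the actual name servers bind sends notifies to, so I guess this is something it doesn't log.

I've also tried looking at a tcpdump, and it never attempts to notify ns1, only ns2.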

192.168.2.50.56278 > 192.168.2.52.53: [udp sum ok] 56418 notify [b2&3=0x2400] [1a] [1au]
↵ SOA? domain.org. domain.org. [0s] SOA ns1.domain.net. dnsmaster.domain.net. 
↵ 2012060801 10800 3600 604800 3600 ar: rndc-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=56418 error=0 otherlen=0 (174)

The authoritative zone has both ns1 and ns2 records.

$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801  ; Serial yyyymmddnn
        3h  ; Refresh After 3 hours
        1h  ; Retry Retry after 1 hour
        1w  ; Expire after 1 week
        1h )    ; Minimum negative caching of 1 hour

@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.

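// Edit

Adding notify {192.168.2.51; 192.168.2.52;}; explicitly to the zone file, it all works fine: ns1 and ns2 both get the notify message and transfer successfully.

I was under the impression that bind would automatically send notifies to all NS records on the zone; perhaps it's bugged?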

Solution

Have you tried this?

notify-to-soa yes;

From the BIND 9 configuration reference:

notify-to-soa

If yes do not check the nameservers in the NS RRset against the SOA MNAME. Normally a NOTIFY message is not sent to the SOA MNAME (SOA ORIGIN) as it is supposed to contain the name of the ultimate master. Sometimes, however, a slave is listed as the SOA MNAME in hidden master configurations and in that case you would want the ultimate master to still send NOTIFY messages to all the nameservers listed in the NS RRset.
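
As an added illustration (not part of the original answer and not BIND's own code), the sketch below applies the rule quoted above to the zone from the question, where ns1.domain.net is both an NS target and the SOA MNAME. The function names and the simplified zone parser are assumptions made for this example.

```python
# Added example: models which NS targets receive NOTIFY, following the
# notify-to-soa description quoted above. Simplified parsing, not BIND's code.
import re

# Zone data from the question (constructed copy, trimmed to SOA and NS records).
ZONE = """\
$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801 3h 1h 1w 1h )
@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.
"""

def _norm(name):
    """DNS names compare case-insensitively; drop the trailing dot."""
    return name.rstrip(".").lower()

def parse_zone(text):
    """Return (soa_mname, [ns targets]); assumes absolute names in the zone."""
    mname, ns = None, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]           # strip zone-file comments
        m = re.search(r"\bSOA\s+(\S+)", line)  # first SOA field is the MNAME
        if m:
            mname = _norm(m.group(1))
        m = re.search(r"\bNS\s+(\S+)", line)
        if m:
            ns.append(_norm(m.group(1)))
    return mname, ns

def notify_targets(text, notify_to_soa=False):
    """NS names that get a NOTIFY; the MNAME is skipped unless notify_to_soa."""
    mname, ns = parse_zone(text)
    return [n for n in ns if notify_to_soa or n != mname]

def skipped_targets(text):
    """NS names left out of NOTIFY under the default setting."""
    mname, ns = parse_zone(text)
    return [n for n in ns if n == mname]

if __name__ == "__main__":
    print("default        :", notify_targets(ZONE))
    print("notify-to-soa  :", notify_targets(ZONE, notify_to_soa=True))
    print("skipped (MNAME):", skipped_targets(ZONE))
```

Run against any zone served from a hidden master, a non-empty `skipped_targets` result flags a slave that will only pick up changes at the SOA refresh interval unless `notify-to-soa yes;` is set.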
