dynamic update and easier config

Wouter Wijngaards wouter at NLnetLabs.nl
Wed Nov 29 07:15:45 UTC 2006


Peter Koch wrote:
> On Tue, Nov 28, 2006 at 12:23:10PM +0100, Wouter Wijngaards wrote:
> 
>>> send notify to those slaves which have an NS record in its zone file.
>> I do not wish to send NOTIFY to a server that does not expect it. Also I
>> am not sure 90% of people have such a setup.
> 
> shouldn't all slaves be warned to receive spurious NOTIFYs per RFC 1996, 4.2?

Yes. However, I want to reduce the amount of notifies flying around the
internet. Instead of a default to send out to all those servers, NSD has
the default to remain silent.

NSD implements the rule that it tries to axfr from the master that sent
the notify (if that host is also listed as request-xfr: in config). So
you can send notifies from other slaves, but it is more useful to
receive notifies from the masters.

So, this could be a useful feature.

I would prefer to implement this as config file (macro-style) processing.

The alternative of processing during another step complicates it (I
mean: it requires more code changes to the server, which is
undesirable). If the NS set is updated using a database-reload or
AXFR/IXFR: does this also immediately change the derived config? NSD is
currently not capable of adjusting its config on-the-fly. This is a
security feature, since chroot and username settings are in there.
Changing NSD to change config on the fly would require significant effort.

Preprocessing the config file makes it very clear that no updates are
going to happen later on.

So I am not sure how best to go about this.

Best regards,
   Wouter
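
The config-file preprocessing discussed in the message above, sketched as an added example that is not part of the original post and not NSD code: it expands a zone's NS set into static `notify:` lines before the server starts, so nothing changes at run time. The function names, the simplified one-record-per-line zone format, the sample zone and the choice to treat the SOA MNAME as the master itself are all assumptions.

```python
import ipaddress

# Constructed sample zone (not from the original post): one record per line,
# fully qualified names, no $ORIGIN/$TTL handling (assumed simplification).
SAMPLE_ZONE = """\
example.com.      3600 IN SOA ns1.example.com. host.example.com. 1 7200 3600 604800 3600
example.com.      3600 IN NS  ns1.example.com.
example.com.      3600 IN NS  ns2.example.com.
example.com.      3600 IN NS  ns3.example.net.
ns1.example.com.  3600 IN A   192.0.2.1
ns2.example.com.  3600 IN A   192.0.2.2
ns2.example.com.  3600 IN AAAA 2001:db8::2
"""

def parse_records(zone_text):
    """Yield (owner, type, rdata fields) for each 'owner ttl IN type rdata' line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield fields[0].lower(), fields[3].upper(), fields[4:]

def expand_notify(zone_name, zone_text, key="NOKEY"):
    """Return (static notify: lines, NS names that have no in-zone address)."""
    zone_name = zone_name.lower()
    records = list(parse_records(zone_text))
    # Assumption: the SOA MNAME names the master this config is generated for.
    primary = next((r[0].lower() for o, t, r in records
                    if o == zone_name and t == "SOA"), None)
    ns_names = sorted({r[0].lower() for o, t, r in records
                       if o == zone_name and t == "NS"})
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            # ip_address() raises ValueError on malformed rdata, so a bad
            # address never reaches the generated config.
            addrs.setdefault(owner, []).append(str(ipaddress.ip_address(rdata[0])))
    lines, unresolved = [], []
    for ns in ns_names:
        if ns == primary:
            continue  # do not notify ourselves
        if ns not in addrs:
            unresolved.append(ns)  # out-of-zone name: left for the operator
            continue
        lines += [f"    notify: {ip} {key}" for ip in addrs[ns]]
    return lines, unresolved
```

Names without an address in the zone file are reported rather than resolved, so the generated config depends only on the file that was reviewed.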
