Bind9 slave server not updating
allow-update-forwarding defines a match list, for instance, IP address(es) that are allowed to submit dynamic updates to a 'slave' server for onward transmission to a 'master'. This statement may be used in a zone, view or an options clause.
allow-update defines an address_match_list of hosts that are allowed to submit dynamic updates for master zones, and thus this statement enables Dynamic DNS. The default in BIND 9 is to disallow updates from all hosts, that is, DDNS is disabled by default.
While on its face this may seem an excessively friendly default, DNS data is essentially public (that's why it's there) and the bad guys can get all of it anyway. However, if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about a possible DoS attack initiated by XFER requests, then use the following policy.
allow-notify applies to slave zones only and defines a match list, for example, IP address(es) that are allowed to NOTIFY this server and implicitly update the zone in addition to those hosts defined in the masters option for the zone.
This statement may be used in a normal zone, view or a global options clause.
This statement may be used in a zone, view or global options clause. IP address(es) that are allowed to transfer (copy) the zone information from the server (master or slave for the zone).
The default behaviour is to allow zone transfers to any host.
The format of also-notify changed in BIND 9.9 to that shown below. The also-notify statement is relevant only with master zones and defines one or more IP addresses, and optional port numbers, of servers that will be sent a NOTIFY when the master zone file is reloaded.
The receiving slave controls which port number and which addresses it will accept NOTIFY messages from, using the allow-notify statement or the masters statement.
// fragment
// key clause is shown only for illustration and would
// normally be included in the file
key "update-key" ;
....
zone "example.com" in;
zone "example.org" in;
In the zone, the reference to the key clause "update-key" implies that the application that performs the update, say nsupdate, is using TSIG and must also have the same shared secret with the same key-name.
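The statements described above, combined in one named.conf as an added example that is not from the original page. The addresses (taken from the 192.0.2.0/24 documentation range), the file names, the hmac-sha256 algorithm and the secret are assumptions and placeholders.

```conf
// Added example (constructed); not the original page's fragment.
// Addresses, file names and the secret below are placeholders.
key "update-key" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   // placeholder, e.g. output of tsig-keygen
};

options {
    // Explicit global policy instead of relying on the default,
    // which allows zone transfers to any host.
    allow-transfer { none; };
};

zone "example.com" in {
    type master;
    file "example.com.zone";                 // placeholder file name
    // Dynamic updates only from clients signing with the shared TSIG key.
    allow-update { key "update-key"; };
    // Per-zone override: only this slave may copy the zone.
    allow-transfer { 192.0.2.2; };
    // BIND 9.9+ format: address with optional port; sent a NOTIFY on reload.
    also-notify { 192.0.2.3 port 53; };
};

zone "example.org" in {
    type slave;
    file "example.org.bak";                  // placeholder file name
    masters { 192.0.2.10; };
    // Extra NOTIFY source accepted in addition to the masters list.
    allow-notify { 192.0.2.11; };
    // Clients whose dynamic updates are forwarded on to the master.
    allow-update-forwarding { 192.0.2.64/26; };
    // No allow-transfer here: the zone inherits "none" from options.
};
```

After replacing the placeholder secret with a real one, named-checkconf can be run against the file to validate the syntax before reloading.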