From owner-freebsd-isp Mon Feb 12 20:48:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mercury.ccmr.cornell.edu (mercury.ccmr.cornell.edu [128.84.231.97]) by hub.freebsd.org (Postfix) with ESMTP id 6B82237B491 for ; Mon, 12 Feb 2001 20:48:33 -0800 (PST) Received: from ruby.ccmr.cornell.edu (IDENT:0@ruby.ccmr.cornell.edu [128.84.231.115]) by mercury.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id XAA13547; Mon, 12 Feb 2001 23:48:32 -0500 Received: from localhost (mitch@localhost) by ruby.ccmr.cornell.edu (8.9.3/8.9.3) with ESMTP id XAA13690; Mon, 12 Feb 2001 23:48:31 -0500 X-Authentication-Warning: ruby.ccmr.cornell.edu: mitch owned process doing -bs Date: Mon, 12 Feb 2001 23:48:31 -0500 (EST) From: Mitch Collinsworth To: James Housley Cc: Corey Ralph , freebsd-isp@FreeBSD.ORG Subject: Re: Bind problems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 12 Feb 2001, Mitch Collinsworth wrote: > On Mon, 12 Feb 2001, James Housley wrote: > > > I might be seeing a similar problem. Since I upgraded to 8.2.3 via > > CVSup in 4.2-STABLE some of my secondaries are suddenly saying my > > unpublished master is no longer authorative for some of my domains. I > > am getting "Received NOTIFY answer (!AA)" messages in my notify log. > > Well this one seems to be addressed in the CHANGES file. Entry 1025, > prior to the 8.2.3-T6B release says: > > 1025. [proto] NOTIFY messages should have AA. > > Not much to go on there. Sounds like somebody didn't like the idea > of sending NOTIFY's if you aren't authoritative. I don't know if > this is stated in an RFC somewhere or if it was a developer decision. > I think there may be a case for arguing this is unnecessarily > restrictive, though there might also be a case for arguing it's a > security issue or potential DOS. The place to take it up is probably > bind-users. Replying to myself here, it seems I should have finished reading the CHANGES file before firing this off. Further along are these entries: 1037. [support] soften #1025 -- continue to accept !AA notify req's. 1055. [bug] aa was being cleared on notify "queries" prior to testing. 1037 seems to support my argument that 1025 was a mistake. But your logs seem to indicate the reversal of 1025 didn't take. Not sure what 1055 is trying to say. Probably time to write to bind-users. -Mitch To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message