Discussion:
also-notify and allow-notify
Matus UHLAR - fantomas
2018-05-18 09:32:11 UTC
I have RPZ installed on a server and it's acting as a master server, but
somehow the port setting is not working on the master.
######### Slave configuration
response-policy { zone "malware.trap"; };
zone "malware.trap" {
type slave;
masters { 192.168.5.48; };
file "/var/lib/bind/malware.trap.db";
allow-notify { 192.168.5.48; };
this is superfluous. The default is to accept notifies from the master.
allow-query {localhost; };
};
So here I am sending notification to 192.168.5.49 on port 4545; my queries
are
1. How do I configure port on slave 4545 so that slave server can start
listening on that port.
why do you need to listen on port 4545 instead of default 53?
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
We are but packets in the Internet of life (userfriendly.org)
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Blason R
2018-05-18 07:41:05 UTC
Hi there,

Thanks for the update. Here is my config and the error I am getting. Can you
please suggest the correct method that should be implemented?


**************************
zone "malware.trap" {
type master;
file "/var/lib/bind/zones/malware.trap.db";
notify explicit;
also-notify { 192.168.5.49; port 4444;};
allow-transfer {192.168.5.49; };
allow-query { localhost;};
};

zone "whitelist.allow" {
type master;
file "/var/lib/bind/zones/whitelist.allow";
notify explicit;
also-notify { 192.168.5.49; port 4444;};
allow-transfer {192.168.5.49; };
allow-query { localhost;};
};

zone "block.tld" {
type master;
file "/var/lib/bind/zones/block.tld.db";
notify explicit;
also-notify { 192.168.5.49; port 4444;};
allow-transfer {192.168.5.49; };
allow-query { localhost;};
};

**********************************



May 18 13:04:42 dnsfw named[1134]: using up to 4096 sockets
May 18 13:04:45 dnsfw named[1134]: loading configuration from
'/etc/bind/named.conf'
May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:34:
missing ';' before '4444'
May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:43:
missing ';' before '4444'
May 18 13:04:46 dnsfw named[1134]: /etc/bind/named.conf.default-zones:52:
missing ';' before '4444'
May 18 13:04:46 dnsfw systemd[1]: bind9.service: Main process exited,
code=exited, status=1/FAILURE
May 18 13:04:46 dnsfw rndc[1313]: rndc: connect failed: 127.0.0.1#953:
connection refused
May 18 13:04:46 dnsfw systemd[1]: bind9.service: Control process exited,
code=exited status=1
Hi,
I have RPZ installed on a server and it's acting as a master server, but
somehow the port setting is not working on the master.
[...]
So here I am sending notification to 192.168.5.49 on port 4545; my
queries are
How do I configure port on slave 4545 so that slave server can start
listening on that port.
Your slave needs to be listening on the correct IP/port to receive the
NOTIFY. In the current BIND Administrator's Reference Manual[0], the
discussion on Interfaces starts at page 98.
And my master is failing after restarting the services due to
notify-them statement.
You don't indicate what the error is, but I'm willing to bet it's the fact
that you're trying to specify a masters list by name as well as a port. If
you look at the 'also-notify' statement definition, you can see that you're
able to use a 'masters' list OR an IP address and port combination, but not
both (ARM pp. 71). You should specify the port number as part of the
definition of the masters list, not where you use the masters list.
[0]: <https://www.isc.org/bind-9-11-arm/>
Blason R
2018-05-18 08:28:37 UTC
That's correct, that worked for me; checking further now.
Post by Blason R
Hi there,
Thanks for the update. Here is my config and the error I am getting. Can
you please suggest the correct method that should be implemented?
I believe (but don't have a machine to confirm on) that the syntax should be
also-notify { 192.168.5.49 port 4444;};
(note the lack of semicolon between the IP and "port 4444")
W
--
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
---maf
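The failure in the thread is purely syntactic: named parses each element of also-notify as "address [port N]", so a semicolon between the address and "port 4444" turns "port" into a new element and named stops with "missing ';' before '4444'". The following linter is an added example (not code from the thread or from ISC) that finds that pattern in a named.conf fragment and prints the corrected statement; the configuration text it runs on is constructed to reproduce the poster's mistake. named-checkconf remains the authoritative check before restarting named.

```python
import re

# Constructed named.conf fragment reproducing the thread's mistake (not the poster's file).
SAMPLE_CONF = """\
zone "malware.trap" {
    type master;
    file "/var/lib/bind/zones/malware.trap.db";
    notify explicit;
    also-notify { 192.168.5.49; port 4444;};
    allow-transfer {192.168.5.49; };
    allow-query { localhost;};
};
zone "block.tld" {
    type master;
    file "/var/lib/bind/zones/block.tld.db";
    also-notify { 192.168.5.49 port 4444; };
};
"""

# Whole also-notify statement, body captured between the braces.
ALSO_NOTIFY_RE = re.compile(r'also-notify\s*\{([^}]*)\}\s*;', re.IGNORECASE)
# A stray "port N" standing alone as its own element (the misplaced-semicolon form).
STRAY_PORT_RE = re.compile(r'^\s*port\s+(\d+)\s*$', re.IGNORECASE)


def lint_also_notify(conf):
    """Return (findings, fixed_conf); each finding is (line_no, original, suggested)."""
    findings = []

    def fix(match):
        elems = [e.strip() for e in match.group(1).split(';') if e.strip()]
        fixed, changed, i = [], False, 0
        while i < len(elems):
            nxt = STRAY_PORT_RE.match(elems[i + 1]) if i + 1 < len(elems) else None
            if nxt:  # re-attach "port N" to the preceding address element
                fixed.append(f"{elems[i]} port {nxt.group(1)}")
                changed, i = True, i + 2
            else:
                fixed.append(elems[i])
                i += 1
        if not changed:
            return match.group(0)
        suggested = "also-notify { " + "; ".join(fixed) + "; };"
        line_no = conf.count('\n', 0, match.start()) + 1
        findings.append((line_no, match.group(0), suggested))
        return suggested

    return findings, ALSO_NOTIFY_RE.sub(fix, conf)


if __name__ == "__main__":
    for line_no, bad, good in lint_also_notify(SAMPLE_CONF)[0]:
        print(f"line {line_no}: {bad}\n    -> {good}")
```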
Matus UHLAR - fantomas
2018-05-18 14:00:43 UTC
So here I am sending notification to 192.168.5.49 on port 4545; my queries
are
1. How do I configure port on slave 4545 so that slave server can start
listening on that port.
why do you need to listen on port 4545 instead of default 53?
Nah, that is not my query; instead I wanted updates to be sent on another
port and not TCP/53. Queries can happen on UDP 53.
notify is also a query.
try it on port 53, maybe your problem won't appear there.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95
Matus UHLAR - fantomas
2018-05-18 18:11:46 UTC
Okies, so zone xfer would happen on TCP/53, correct, and notify would be sent
on UDP/53?
maybe and maybe not.
both tcp/53 and udp/53 are mandatory, and both can be used for any kind of
DNS traffic.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!