Thread-Index: AQHS+qkYxqsMI2lxzES8ZiF/71RjkqJQaHZQ X-RT-Incoming-Encryption: Not encrypted Content-Transfer-Encoding: base64 Subject: RE: 9.11.1-P2, 9.10.5-P2 - "key" option for also-notify/masters broken when using masters name [ISC-Bugs #45495] Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 2273DD78ADC for ; Wed, 12 Jul 2017 17:03:25 +0000 (UTC) Received: from relay02.slacker.com (relay02.slacker.com [204.239.14.14]) by mx.pao1.isc.org (Postfix) with ESMTP id CDC0034942B for ; Wed, 12 Jul 2017 17:03:22 +0000 (UTC) Received: from exhub-01.corp.bbi.com (exhub-01.corp.bbi.com [10.11.1.47]) by relay02.slacker.com (Postfix) with ESMTP id 9F700BD0D0 for ; Wed, 12 Jul 2017 10:03:22 -0700 (PDT) Received: from CORPMAIL-01.corp.bbi.com ([fe80::9829:b8f4:1f8b:7100]) by exhub-01.corp.bbi.com ([fe80::84e0:cf3:2fd7:4096%10]) with mapi id 14.01.0438.000; Wed, 12 Jul 2017 10:03:22 -0700 To: "bind9-confidential@isc.org" Content-Language: en-US MIME-Version: 1.0 X-Originating-Ip: [10.10.1.113] X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org Delivered-To: bind9-confidential@bugs.isc.org Accept-Language: en-US X-MS-Has-Attach: References: Thread-Topic: 9.11.1-P2, 9.10.5-P2 - "key" option for also-notify/masters broken when using masters name [ISC-Bugs #45495] Message-ID: <8F1C038C8E690A48BC0AF09B2765E7ED4681747D@corpmail-01.corp.bbi.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 Date: Wed, 12 Jul 2017 17:03:21 +0000 In-Reply-To: content-type: text/plain; charset="utf-8" X-RT-Interface: Email X-MS-Tnef-Correlator: X-Original-To: bind9-confidential@bugs.isc.org From: "Simon Ferrett" Return-Path: X-RT-Original-Encoding: utf-8 From sferrett@slacker.com Wed Jul 12 17:03:25 2017 RT-Message-ID: Content-Length: 1602 Sounds good - In my configuration, the intent of including the key in the 'also-notify' section in a view on the master server is so that the notify messages being sent from master to slave correctly tell the slave which view needs refreshing (by tagging the notify with the view's tsig). It appears to work as I expected, however it's possible something else in my configuration is causing the correct behavior and including the key in the 'also-notify' is superfluous. It was curious that with the latest version if I put the IP address of the master (rather than the name) in the also-notify, the 'key xxx' was allowed, so there's a little ambiguity in the current behavior, aside from the documentation maybe being incorrect. Anyhow, thanks again for the feedback - Cheers, Simon. -----Original Message----- From: Evan Hunt via RT [mailto:bind9-confidential@isc.org] Sent: Tuesday, July 11, 2017 5:52 PM To: Simon Ferrett Subject: 9.11.1-P2, 9.10.5-P2 - "key" option for also-notify/masters broken when using masters name [ISC-Bugs #45495] This appears to have been introduced in commit aa49af836, which added a correctness check to also-notify clauses that hadn't been there before. What I haven't worked out yet is whether the code is correct and that also-notify statement is invalid (in which case the doc should be fixed), or whether the also-notify statement is valid and the code is being overly restrictive. The fact that it was accepted by earlier versions of named doesn't necessarily mean it was working correctly at the time. I'll keep looking.