
On old server with Ubuntu 12 and Bind 9.8.1 I got the following "notify" category log entries as expected (domain names and IP addresses redacted):

27-Dec-2021 12:58:51.786 notify: debug 3: zone example.com/IN: sending notify to 1.2.3.4#53
27-Dec-2021 12:58:51.816 notify: debug 3: zone example.com/IN: notify response from 1.2.3.4#53: NOERROR

Log config in /etc/bind/named.conf.options:

logging {
    channel transfer_logfile {
        file "/var/log/named/transfer.log" versions 7 size 10m;
        severity debug 6;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category notify { transfer_logfile; };
};

With the new server (Ubuntu 18 and Bind 9.11.3) there are no "notify" category debug log entries anymore. The log only contains entries of severity "info", e.g.

29-Dec-2021 12:00:33.475 notify: info: zone example.com/IN: sending notifies (serial 2021021001)

Log config in /etc/bind/named.conf.options with Bind 9.11.3 is exactly the same as on the old server with Bind 9.8.1:

logging {
    channel transfer_logfile {
        file "/var/log/named/transfer.log" versions 7 size 10m;
        severity debug 6;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category notify { transfer_logfile; };
};

I tested with severity debug 16, but that did not help. I tested with severity notice, which caused the "info" log entries to disappear, so there is just nothing logged anymore for the "notify" category, as expected.

I also ran rndc trace six times, so named.log logged general: info: debug level is now 6, and did a rndc notify example.com, but again, no "notify" debug log entries.

I also tested with severity debug 6 in the default log channel, which led to debug log entries for categories like "database" etc., so debug logging is generally working.

How can I get the log entries "sending notify to ..." and "notify response from ..." back again in the "notify" category log of Bind 9.11.3?

(Crossposting question on bind-users mailing list)

  • Is notify set in any zone or in the Bind config? Try adding notify yes; in a zone or in the options block of Bind, restart and see if the notify comes up. Commented Jan 4, 2022 at 10:23
  • Yes, of course I have set the global options { notify yes; in /etc/bind/named.conf.options. As I have posted, there are also "info" log messages about "sending notifies" for zones; the only thing missing is the log lines at debug log level. Commented Jan 4, 2022 at 11:56
  • Try setting also-notify with the slave address in the config and see if a notify gets logged. Commented Jan 4, 2022 at 12:07

1 Answer

Problem was that the IP addresses of the to-be-notified nameservers (ns{1,2,3}.example.com) could not be resolved on the new host (which is wanted because it is a test host and there should be no port 53 communication to the external nameservers), and therefore the notification could not start at all.

Solution was to delegate the resolving to a forwarder, e.g.

zone "example.com" IN {
    type forward;
    forwarders { 1.1.1.1; 8.8.8.8; };
};

Now the notification can start, but then the notifies fail as expected and the notify debug log messages appear.

But still, for this problem the logging was insufficient in the first place.
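The failure mode in this answer (an "info: sending notifies" line with no following "sending notify to ..." line, because the NS names never resolved) is easy to spot mechanically once debug logging works. The following script is an added example, not code from the question, the answer or the BIND project; it parses the three notify-category line formats quoted above and flags zones whose notify never started or was never answered. The log lines inside it are constructed samples in those formats.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the formats quoted in the question.
SAMPLE_LOG = """\
27-Dec-2021 12:58:51.786 notify: debug 3: zone example.com/IN: sending notify to 1.2.3.4#53
27-Dec-2021 12:58:51.816 notify: debug 3: zone example.com/IN: notify response from 1.2.3.4#53: NOERROR
29-Dec-2021 12:00:33.475 notify: info: zone example.org/IN: sending notifies (serial 2021021001)
29-Dec-2021 12:00:35.001 notify: info: zone example.net/IN: sending notifies (serial 2021122901)
29-Dec-2021 12:00:35.020 notify: debug 3: zone example.net/IN: sending notify to 5.6.7.8#53
"""

# Timestamp, "notify:" category, severity ("info" or "debug N"), zone, message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) notify: (?P<sev>info|debug \d+): zone (?P<zone>\S+): (?P<msg>.*)$"
)

def summarize_notifies(log_text):
    """Group notify-category log lines per zone and record what happened."""
    zones = defaultdict(lambda: {"announced": False, "sent": [], "responses": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a notify-category line, ignore
        z = zones[m.group("zone")]
        msg = m.group("msg")
        if msg.startswith("sending notifies"):
            z["announced"] = True            # info-level line: notify run scheduled
        elif msg.startswith("sending notify to "):
            z["sent"].append(msg[len("sending notify to "):])     # peer "ip#port"
        elif msg.startswith("notify response from "):
            peer, _, rcode = msg[len("notify response from "):].partition(": ")
            z["responses"].append((peer, rcode))
    return dict(zones)

def zones_with_stalled_notify(summary):
    """Zones that announced 'sending notifies' but never sent a single NOTIFY."""
    return sorted(z for z, s in summary.items() if s["announced"] and not s["sent"])

def zones_with_unanswered_notify(summary):
    """Zones that sent NOTIFY to at least one peer that never responded."""
    out = []
    for z, s in summary.items():
        answered = {peer for peer, _ in s["responses"]}
        if any(peer not in answered for peer in s["sent"]):
            out.append(z)
    return sorted(out)

if __name__ == "__main__":
    s = summarize_notifies(SAMPLE_LOG)
    print("stalled:", zones_with_stalled_notify(s))        # ['example.org/IN']
    print("unanswered:", zones_with_unanswered_notify(s))  # ['example.net/IN']
```

A zone listed as stalled with the notify channel at severity debug 3 or higher is the situation described above: named scheduled the notifies but could not resolve any target to send to.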
