From: Klaus Darilion Date: Sun, 8 Jan 2017 22:15:01 +0000 (+0000) Subject: Do not resolve the NS-records for NOTIFY targets if the "only-notify" whitelist is... X-Git-Tag: auth-4.0.4-rc1~30^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8838856ca21176ad35ab66291c92160ea0bb4f9;p=thirdparty%2Fpdns.git Do not resolve the NS-records for NOTIFY targets if the "only-notify" whitelist is empty, as a target will never match an empty whitelist. (cherry picked from commit 99844905a8abcab33a3b8ed42d3a49f2e419a310) --- diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md index d3716a0cb7..b2b5a5252a 100644 --- a/docs/markdown/authoritative/settings.md +++ b/docs/markdown/authoritative/settings.md 
@@ -565,9 +565,18 @@ This is the server ID that will be returned on an EDNS NSID query. * IP Ranges, separated by commas or whitespace * Default: 0.0.0.0/0, ::/0 -Only send AXFR NOTIFY to these IP addresses or netmasks. The default is to -notify the world. The IP addresses or netmasks in [`also-notify`](#also-notify) -or ALSO-NOTIFY metadata always receive AXFR NOTIFY. +For type=MASTER zones (or SLAVE zones with slave-renotify enabled) PowerDNS +automatically sends NOTIFYs to the name servers specified in the NS records. +By specifying networks/mask as whitelist, the targets can be limited. The default +is to notify the world. To completely disable these NOTIFYs set only-notify to an +empty value. Independent of this setting, the IP addresses or netmasks in +[`also-notify`](#also-notify) or ALSO-NOTIFY metadata always receive AXFR NOTIFY. + +Note: Even if NOTIFYs are limited by a netmask, PowerDNS first has to resolve all the +hostnames to get IP addresses. Thus, PowerDNS relies on DNS. If the respective +authoritative name servers are slow, PowerDNS becomes slow too. To avoid this, set +only-notify to an empty value and specify the notification targets with ALSO-NOTIFY +and also-notify. ## `out-of-zone-additional-processing` * Boolean diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc index 82b0dbd0d0..2fd276217a 100644 --- a/pdns/mastercommunicator.cc +++ b/pdns/mastercommunicator.cc 
@@ -49,30 +49,32 @@ void CommunicatorClass::queueNotifyDomain(const DNSName &domain, UeberBackend *B DNSResourceRecord rr; FindNS fns; - B->lookup(QType(QType::NS),domain); - while(B->get(rr)) - nsset.insert(rr.content); - - for(set::const_iterator j=nsset.begin();j!=nsset.end();++j) { - vector nsips=fns.lookup(DNSName(*j), B); - if(nsips.empty()) - L<::const_iterator k=nsips.begin();k!=nsips.end();++k) { - const ComboAddress caIp(*k, 53); - if(!d_preventSelfNotification || !AddressIsUs(caIp)) { - if(!d_onlyNotify.match(&caIp)) - L<lookup(QType(QType::NS),domain); + while(B->get(rr)) + nsset.insert(rr.content); + + for(set::const_iterator j=nsset.begin();j!=nsset.end();++j) { + vector nsips=fns.lookup(DNSName(*j), B); + if(nsips.empty()) + L<::const_iterator k=nsips.begin();k!=nsips.end();++k) { + const ComboAddress caIp(*k, 53); + if(!d_preventSelfNotification || !AddressIsUs(caIp)) { + if(!d_onlyNotify.match(&caIp)) + L<::const_iterator j=ips.begin();j!=ips.end();++j) { - L<::const_iterator j=ips.begin();j!=ips.end();++j) { + L< alsoNotify(d_alsoNotify);
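Review bot: In the settings.md hunk, the added paragraphs tell operators to "set only-notify to an empty value" twice but never show what an empty value looks like in the configuration file, and this is the one setting the note recommends changing. Please add a literal example line for the empty case next to the "Default: 0.0.0.0/0, ::/0" entry. Two smaller points in the same hunk: `slave-renotify` and `only-notify` are written as bare words while `also-notify` is backticked and linked, so the new references should follow that style; and the text mixes "NOTIFYs", "AXFR NOTIFY", "networks/mask" and "netmask" where the setting's own type line says "IP Ranges", so one term for each would read better.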
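Review bot: In the mastercommunicator.cc hunk, the re-indented block in queueNotifyDomain still runs B->lookup(QType(QType::NS),domain) and fns.lookup(DNSName(*j), B) for every NS name before d_onlyNotify.match(&caIp) is consulted, so the shortcut only helps when the whitelist is completely empty; a whitelist that happens to exclude every name server still pays the full resolution cost. That matches the new note in settings.md, but a short comment at the guard stating that an empty only-notify is the only case that skips resolution would keep the two in sync. The diff also touches only settings.md and mastercommunicator.cc, with no regression test: please add one that sets only-notify empty and checks that no NS lookup is made for the zone while the targets from d_alsoNotify are still queued.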