BIND 9.11.4 fails to send expected notifies for zone which uses inline signing
Klaus H. reported this issue to us via the website bug submission form. He states:
We are using BIND 9.11.3 on a DNS server configuration with a hidden master. We are using DNSSEC (NSEC3) with inline signing taking place on the hidden master. The configuration works as expected. After upgrading to BIND 9.11.4-P1, the hidden master no longer sends notifications to any other DNS server.
Steps to reproduce
He says he does nothing special to cause the bug to manifest.
- bind 9.11.3 is running
- systemctl stop named-chroot
- uninstall bind 9.11.3
- install bind 9.11.4-P1
- systemctl start named-chroot
At that point BIND does inline signing but does not send notifications when a signed zone is changed. Unsigned zones work as before.
This appears very similar to #438 (closed), although that issue was reported against 9.12.1. I rather suspect they will turn out to share a cause, but I am creating this ticket separately until we have actual evidence to support that conclusion.