Slave server dose not use the source of received NOTIFY as its first choice of master
As described in RFC 1996:
Note: Because a deep server dependency graph may have multiple paths from the primary master to any given slave, it is possible that a slave will receive a NOTIFY from one of its known masters even though the rest of its known masters have not yet updated their copies of the zone. Therefore, when issuing a QUERY for the zone's SOA, the query should be directed at the known master who was the source of the NOTIFY event, and not at any of the other known masters. This represents a departure from [RFC1035], which specifies that upon expiry of the SOA REFRESH interval, all known masters should be queried in turn.
It is recommended to send SOA query directly to the NOTIFY source.
BIND9's source code seems to follow the rule, in function
/* * If type != T_SOA return DNS_R_NOTIMP. We don't yet support * ROLLOVER. * * SOA: RFC1996 * Check that 'from' is a valid notify source, (zone->masters). * Return DNS_R_REFUSED if not. * * If the notify message contains a serial number check it * against the zones serial and return if <= current serial * * If a refresh check is progress, if so just record the * fact we received a NOTIFY and from where and return. * We will perform a new refresh check when the current one * completes. Return ISC_R_SUCCESS. * * Otherwise initiate a refresh check using 'from' as the * first address to check. Return ISC_R_SUCCESS. */
The source of NOTIFY is recorded in
zone->notifyfrom but never used. In fact, the slave selects its master to refresh from beginning to end based on the
masters configuration order.
- Violates the RFC and the code design.
- If the first master is always available, its transfer load is heavy while other masters have nothing to do.
- A successful NOTIFY reception indicates that the master is available temporarily, pick it is better than pick any other unsure masters.
When issuing a QUERY for the zone's SOA, the query should be directed at the known master who was the source of the NOTIFY.
Links / references
A patch is attached. diff