Setup
Having a Peplink Balance 310v2 running firmware 5.3.12 build 1150 configured as a hidden primary DNS server, and three slave BIND 9 DNS servers. This setup results in the fastest DNS query resolution because DNS queries are sent to the colocated (and fiber-connected) BIND machines, which have a 20 to 40 msec lower ping time than the ADSL/VDSL connections to the Balance DNS server. The zone file SOA Refresh is set to 86400 (sec), which is the RIPE recommended value (Recommendations for DNS SOA Values — RIPE Network Coordination Centre).
Result
After “Applying changes” on the Peplink, it takes up to 24 hours before each DNS slave has propagated the changes.
Why?
Because the authoritative DNS server on the Peplink device does not send out DNS NOTIFY messages. Modern DNS software implements NOTIFY [RFC 1996] and reduces the need for frequent SOA checks.
RFC 1996 was published almost 16 years ago: August 1996.
Request
After “Applying changes” on the Peplink, if there are changes in any zone files (changed serial number), then for each changed zone file send a “DNS notify packet” to each IP address listed under “Zone Transfer”.
Result
Almost instantaneous zone file updates on slave servers after editing the zone on the Peplink device.
An additional advantage of having DNS NOTIFY [RFC 1996] support is that Peplink Balance WAN links no longer need external dependencies such as third-party DDNS (dynamic DNS) providers like changeip.com, dyndns.org, no-ip.com or tzo.org. These dynamic DNS providers are becoming more annoying every year. They make you jump over hurdles and through more and more hoops to create a free account. And these free accounts are more and more limited.
When there is DNS NOTIFY support built into Peplink, it should also be able to do a dynamic DNS update on WAN IP change to its internal authoritative DNS server, which as a result triggers a NOTIFY to the IP addresses that are allowed zone transfers.
This way the colocated authoritative DNS servers with fixed IP addresses are almost immediately notified of IP changes on the WAN link (faster), with fewer dependencies on third parties (trust), and the TLD can be restricted to the one used for the Peplink device (not limited to the TLDs offered by the DDNS provider).
When not having fixed IP addresses (or external authoritative DNS servers/service), and you want to use the Peplink Balance as the authoritative DNS server with dynamically assigned IP addresses on its WAN links, it would also be nice if the Peplink would update the NS glue records at the domain name registry via the EPP (Extensible Provisioning Protocol).
Thanks for your suggestion and the use cases! It does make sense. We will implement DNS notify in the coming firmware. A DNS notify will be sent to a zone’s slave servers immediately whenever a change is made to a zone (e.g. for zone setting change, WAN IP address/status change, etc.).
FYI, the existing firmware already can update its own zone records for any WAN IP/status change. The serial number could also increase accordingly.
To my knowledge, EPP is typically used between registrars and is for changing a zone from one registrar to another. Could you give us some pointers for how some common registrars allow their customers to use EPP to update NS records?
I would say that is OK, but even the IPs which are not listed under “DNS Settings > Zone Transfer” can be excluded.
What purpose is it to NOTIFY a host which is not allowed to do a “Zone Transfer” when settings are changed?
Or isn’t this a correct assumption?
Is there already beta firmware available for trying out the implemented “sending DNS notify messages on applying zone file changes” feature request on the Balance 310v2?
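To make concrete what the request above asks for (a NOTIFY per changed zone, sent only to hosts on the zone-transfer list) and how a BIND-style secondary reacts to it, here is an added example of the RFC 1996 message on the wire and of both sides' decision logic. It is not code from this thread or from Peplink's firmware; the zone name, SOA values and IP addresses are constructed for illustration, and nothing is sent on the network.

```python
"""Constructed example: RFC 1996 DNS NOTIFY on the wire, the primary-side
decision of whom to notify, and the secondary-side decision of what to do.
Zone name, SOA values and addresses are made-up sample data."""
import struct

NOTIFY_OPCODE = 4   # RFC 1996 opcode
TYPE_SOA = 6
CLASS_IN = 1

# Constructed sample zone state as the hidden primary would hold it.
SAMPLE_ZONE = "example.test."
SAMPLE_SOA = {"mname": "ns0.example.test.", "rname": "hostmaster.example.test.",
              "serial": 2012051001, "refresh": 86400, "retry": 7200,
              "expire": 3600000, "minimum": 3600}
SAMPLE_SECONDARIES = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
SAMPLE_ALLOWED_CLIENTS = ["203.0.113.10", "203.0.113.11"]  # zone-transfer list


def encode_name(name: str) -> bytes:
    """Encode a domain name as DNS labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def decode_name(packet: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:  # RFC 1035 compression pointer
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def build_notify(zone: str, soa: dict, msg_id: int) -> bytes:
    """NOTIFY request (RFC 1996 §3.7): QR=0, opcode 4, AA=1, one SOA question;
    the current SOA may be carried in the answer section as a hint."""
    flags = (NOTIFY_OPCODE << 11) | (1 << 10)          # opcode NOTIFY, AA set
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    rdata = (encode_name(soa["mname"]) + encode_name(soa["rname"]) +
             struct.pack("!IIIII", soa["serial"], soa["refresh"], soa["retry"],
                         soa["expire"], soa["minimum"]))
    answer = (encode_name(zone) +
              struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 0, len(rdata)) + rdata)
    return header + question + answer


def parse_notify(packet: bytes) -> dict:
    """Parse a NOTIFY request; the serial is None if no SOA hint was included."""
    msg_id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if (flags >> 11) & 0xF != NOTIFY_OPCODE or flags & 0x8000:
        raise ValueError("not a NOTIFY request")
    if qd != 1:
        raise ValueError("NOTIFY must carry exactly one question")
    zone, off = decode_name(packet, 12)
    qtype, _qclass = struct.unpack("!HH", packet[off:off + 4])
    off += 4
    serial = None
    if an >= 1:
        _name, off = decode_name(packet, off)
        rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", packet[off:off + 10])
        off += 10
        if rtype == TYPE_SOA:
            _mname, p = decode_name(packet, off)
            _rname, p = decode_name(packet, p)
            serial = struct.unpack("!I", packet[p:p + 4])[0]
    return {"id": msg_id, "zone": zone, "qtype": qtype, "serial": serial}


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is a newer than b (handles 32-bit wrap)?"""
    return 0 < (a - b) % 2**32 < 2**31


def notify_round(zone, soa, secondaries, allowed_clients, msg_id=0x1234):
    """Primary side, as the thread asks: after a zone change emit one NOTIFY per
    secondary, but only to hosts that are also allowed to transfer the zone."""
    packet = build_notify(zone, soa, msg_id)
    return {ip: packet for ip in secondaries if ip in allowed_clients}


def secondary_action(notify: dict, source_ip: str, primary_ip: str,
                     local_serial: int) -> str:
    """Secondary side (RFC 1996 §4): NOTIFYs not from the configured primary are
    dropped; the advertised serial is only a hint, so a newer (or absent) one
    triggers the usual SOA query and, if needed, a zone transfer."""
    if source_ip != primary_ip:
        return "ignore: not from configured primary"
    if notify["serial"] is None or serial_gt(notify["serial"], local_serial):
        return "refresh: query SOA from primary and transfer if newer"
    return "ignore: serial not newer than local copy"


if __name__ == "__main__":
    for ip, pkt in notify_round(SAMPLE_ZONE, SAMPLE_SOA, SAMPLE_SECONDARIES,
                                SAMPLE_ALLOWED_CLIENTS).items():
        parsed = parse_notify(pkt)
        print(ip, parsed, secondary_action(parsed, "203.0.113.1", "203.0.113.1",
                                           SAMPLE_SOA["serial"] - 1))
```

The sample deliberately leaves 198.51.100.7 off the allow list to show the filtering discussed above: it receives no NOTIFY, so it can only learn of changes through its SOA refresh timer. On the receiving side, a NOTIFY never carries zone data; the secondary still performs its own SOA query against the configured primary, which is why a spoofed NOTIFY can at worst cause an extra refresh.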
Chiming in that this feature is still requested. We of course have secondary DNS servers and without notify we have to have a super low refresh interval on them in order to keep pace with the changes the Balance may make in response to link down events.
Just to update: the requested feature (Zone Transfer - DNS Notify Message) is ready in firmware 6.3.0 & above. The DNS secondary server will be notified whenever the primary DNS server has changes.
The DNS Notify message will be sent based on the “Allowed Clients” list.
For more information, please refer to the attached screenshot.