  1. #1

    implement DNS notify (sending DNS notify messages) on applying zone file changes

    Setup
    A Peplink Balance 310v2 running firmware 5.3.12 build 1150, configured as hidden primary DNS server, and three slave BIND 9 DNS servers. This setup results in the fastest DNS query resolution because DNS queries are sent to the colocated (and fiber connected) BIND machines, which have a 20 to 40 msec lower ping time than the ADSL/VDSL connections to the Balance DNS server. The zone file SOA Refresh is set to 86400 (sec), as is the RIPE recommended value (http://www.ripe.net/ripe/docs/ripe-203).

    Result
    After "Applying changes" on the Peplink, it takes up to 24 hours before each DNS slave has propagated the changes.

    Why?
    Because the authoritative DNS server on the Peplink device does not send out DNS notify messages. Modern DNS software implements NOTIFY [RFC 1996] and reduces the need for frequent SOA checks.
    RFC 1996 was published almost 16 years ago: August 1996.

    Request
    After "Applying changes" on the Peplink, and in case there are changes in any zone files (changed serial number), for each changed zone file, send a "DNS notify packet" to each IP address listed under "Zone Transfer".

    Result
    Almost instantaneous zone file updates on slave servers after editing the zone on the Peplink device.

    Sample code
    Like the script below does for the djbdns/tinydns server (script source http://tinydns.org/dnsnotify).
    Code:
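    #!/usr/bin/perl -w

    # usage: dnsnotify zone slave [...]
    # example: dnsnotify example.org 1.2.3.4 1.2.3.5

    use strict;
    use Net::DNS;

    my $zone = shift;
    # Despite the name, these are the slave servers that receive the NOTIFY
    my @master_ns = @ARGV;
    die "usage: dnsnotify zone slave [...]\n" unless defined $zone && @master_ns;

    my $res = Net::DNS::Resolver->new;

    foreach my $ns (@master_ns) {
        # A NOTIFY is an SOA question for the zone sent with the NOTIFY opcode
        my $packet = Net::DNS::Packet->new($zone, "SOA", "IN");
        die "cannot build NOTIFY packet for $zone\n" unless defined $packet;

        $packet->header->opcode("NS_NOTIFY_OP");
        $packet->header->rd(0);    # recursion not desired
        $packet->header->aa(1);    # sent by the authoritative server

        # Send this packet to the current slave only
        $res->nameservers($ns);

        # Prints outgoing packet - the NOTIFY
        # $packet->print;

        my $reply = $res->send($packet);

        if (defined $reply) {
            print "Received NOTIFY answer from " . $reply->answerfrom . "\n";
            # Print received packet - the answer
            # $reply->print;
        } else {
            warn "\$res->send indicates NOTIFY error for $ns\n";
        }
    }

    exit 0;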

  2. #2

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    An additional advantage of having DNS NOTIFY [RFC 1996] support is that Peplink Balance WAN links no longer need external dependencies, such as third-party DDNS (dynamic DNS) providers like changeip.com, dyndns.org, no-ip.com or tzo.org. These dynamic DNS providers are becoming more annoying every year. They let you jump over hurdles and through more and more hoops for creating a free account. And these free accounts are more and more limited.

    When there is DNS NOTIFY support built into the Peplink, it should also be able to do a Dynamic DNS update on WAN IP change to its internal authoritative DNS server, which as a result triggers a NOTIFY to the IP addresses that are allowed for zone transfers.

    This way the colocated authoritative DNS servers with fixed IP addresses are almost immediately notified of IP changes on the WAN link (faster), with fewer dependencies on third parties (trust), and the TLD can be restricted to the one used for the Peplink device (not limited to the TLDs offered by the DDNS provider).

  3. #3

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    When not having fixed IP addresses (or external authoritative DNS servers/service), and you want to use the Peplink Balance as authoritative DNS server with dynamically assigned IP addresses on its WAN links, it would also be nice if the Peplink would update the NS glue records at the domain name registry via the EPP (Extensible Provisioning Protocol) protocol.
    Last edited by crashplan_probackup_nl; 05-02-2012 at 04:18 AM.

  4. #4
    The Peplink/Pepwave Team Michael Chan

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    Thanks for your suggestion and the use cases! It does make sense. We will implement DNS notify in the coming firmware. A DNS notify will be sent to a zone's slave servers immediately whenever a change is made to a zone (e.g. for zone setting change, WAN IP address/status change, etc.).

    FYI, the existing firmware already can update its own zone records for any WAN IP/status change. The serial number could also increase accordingly.

    To my knowledge, EPP is typically used between registrars and is for changing a zone from one registrar to another. Could you give us some pointers for how some common registrars allow their customers to use EPP to update NS records?

    Thanks,
    Michael

  5. #5
    Active Member

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    Quote: Originally posted by Michael Chan
    Thanks for your suggestion and the use cases! It does make sense. We will implement DNS notify in the coming firmware. A DNS notify will be sent to a zone's slave servers immediately whenever a change is made to a zone (e.g. for zone setting change, WAN IP address/status change, etc.).

    Thanks. How will a zone's slave servers be determined?

    Quote: Originally posted by Michael Chan
    FYI, the existing firmware already can update its own zone records for any WAN IP/status change. The serial number could also increase accordingly.

    You are right, thanks for pointing me in this direction.

    Quote: Originally posted by Michael Chan
    To my knowledge, EPP is typically used between registrars and is for changing a zone from one registrar to another. Could you give us some pointers for how some common registrars allow their customers to use EPP to update NS records?

    Indeed this EPP idea might not reach a broad audience, as we are a registrar, and most of Peplink's customers will not be.

  6. #6
    The Peplink/Pepwave Team Michael Chan

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    A zone's slave servers are those on the NS record list excluding the IP address(es) that the Peplink's DNS server is listening on.

  7. #7
    Active Member

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    Quote: Originally posted by Michael Chan
    A zone's slave servers are those on the NS record list excluding the IP address(es) that the Peplink's DNS server is listening on.

    I would say that is OK, but even the IPs which are not listed under "DNS Settings > Zone Transfer" can be excluded.
    What is the purpose of sending a NOTIFY to a host which is not allowed to do a "Zone Transfer" when settings are changed?
    Or isn't this a correct assumption?

  8. #8
    The Peplink/Pepwave Team Michael Chan

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    Yes, your assumption is correct. IPs which are not listed under "DNS Settings > Zone Transfer" will be excluded too. Thanks for your suggestion.
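
The target selection agreed in posts #6 to #8 (servers on the NS list, minus the addresses the primary listens on, limited to the "Zone Transfer" list), together with the RFC 1996 NOTIFY message that the script in post #1 sends, as an added example that is not part of the thread and not Peplink's firmware code. The function names are hypothetical, the addresses are constructed documentation-range samples, and NS names are assumed to be already resolved to IP addresses.

```python
import ipaddress
import struct

OPCODE_NOTIFY = 4            # RFC 1996
TYPE_SOA, CLASS_IN = 6, 1

def notify_targets(ns_addrs, listen_addrs, transfer_acl):
    """NS addresses, minus our own listeners, limited to the zone-transfer list."""
    own = {ipaddress.ip_address(a) for a in listen_addrs}
    acl = [ipaddress.ip_network(n, strict=False) for n in transfer_acl]
    targets = []
    for addr in ns_addrs:
        ip = ipaddress.ip_address(addr)
        if ip in own or ip in targets:
            continue                      # never notify ourselves, or twice
        if any(ip in net for net in acl):
            targets.append(ip)            # only hosts allowed to transfer
    return [str(ip) for ip in targets]

def encode_name(zone):
    """Encode a zone name as length-prefixed DNS labels."""
    out = b""
    for label in zone.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % zone)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, msg_id):
    """NOTIFY request: QR=0, opcode 4, AA=1, RD=0, one SOA/IN question."""
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def is_notify_ack(request, reply):
    """True if reply is a NOERROR NOTIFY response carrying the request's ID."""
    if len(reply) < 12:
        return False
    rid, rflags = struct.unpack("!HH", reply[:4])
    return (rid == struct.unpack("!H", request[:2])[0]
            and rflags >> 15 == 1
            and (rflags >> 11) & 0xF == OPCODE_NOTIFY
            and rflags & 0xF == 0)

# Constructed sample data (documentation address ranges, not from the thread)
NS = ["192.0.2.1", "192.0.2.10", "198.51.100.5", "203.0.113.7"]
LISTEN = ["192.0.2.1"]
ZONE_TRANSFER = ["198.51.100.5", "203.0.113.0/24"]
```

NOTIFY travels over plain UDP, so `is_notify_ack` only confirms that a reply matches the outstanding request; the zone-transfer list remains the control that decides which hosts can actually pull the zone.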

  9. #9
    Active Member

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    Is there already beta firmware available for trying an implemented "sending DNS notify messages on applying zone file changes" feature request on Balance310v2?

  10. #10
    The Peplink/Pepwave Team Michael Chan

    Re: implement DNS notify (sending DNS notify messages) on applying zone file changes

    The feature request is already in our pipeline. When a beta firmware is available, we will let you know.


 
