handle DNS NOTIFY messages by running a command

fanf2/nsnotifyd

nsnotifyd: scripted DNS NOTIFY handler

The nsnotifyd daemon monitors a set of DNS zones and runs a command when any of them change. It listens for DNS NOTIFY messages so it can respond to changes promptly. It also uses each zone's SOA refresh and retry parameters to poll for updates if nsnotifyd does not receive NOTIFY messages more frequently.

Anywhere you currently have a cron job which is monitoring updates to DNS zones, you might want to run it under nsnotifyd instead of cron, so your script runs as soon as the zone changes instead of running at fixed intervals.

There is also a client program nsnotify for sending notify messages.

The 2.0 release (January 2022) adds TCP support to nsnotifyd and nsnotify (for interoperability with Knot DNS), and nsnotify can now rapidly send notifications for multiple zones. Many thanks to DK Hostmaster for sponsoring this work.
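As an added example (not nsnotifyd's own code), the following shows the NOTIFY-side logic the paragraphs above describe: building an RFC 1996 NOTIFY for a zone, validating a received one against the set of monitored zones, and the RFC 1982 serial comparison that decides whether a zone really changed before any command is run. Function names and the constructed messages are assumptions for illustration.

```python
import struct

NOTIFY_OPCODE = 4          # RFC 1996 NOTIFY opcode
QTYPE_SOA, QCLASS_IN = 6, 1

def encode_name(name):
    # Wire-format a dotted name: length-prefixed labels ending in a zero byte.
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def decode_name(msg, off):
    # Decode an uncompressed name; the question name of a NOTIFY is never compressed.
    labels = []
    while True:
        n = msg[off]; off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question name")
        labels.append(msg[off:off + n].decode("ascii")); off += n

def build_notify(zone, msg_id):
    # Header: QR=0, opcode=4 (bits 11-14), AA set, one question, no other sections.
    flags = (NOTIFY_OPCODE << 11) | 0x0400
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)

def parse_notify(msg):
    # Return (id, zone) for a well-formed NOTIFY SOA/IN question, else None.
    msg_id, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if (flags >> 11) & 0xF != NOTIFY_OPCODE or qd != 1:
        return None
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    if (qtype, qclass) != (QTYPE_SOA, QCLASS_IN):
        return None
    return msg_id, qname.lower()

def serial_newer(new, old):
    # RFC 1982: 'new' is newer if it is ahead of 'old' by less than 2^31 (mod 2^32),
    # so a serial that wraps from 0xFFFFFFFF to 0 still counts as an increase.
    return new != old and ((new - old) % (1 << 32)) < (1 << 31)

def should_refresh(msg, monitored, known_serials, fetched_serial):
    # A NOTIFY only says "look again": the zone must be one we monitor, and the
    # SOA serial fetched afterwards must be newer than the one we last acted on.
    parsed = parse_notify(msg)
    if parsed is None or parsed[1] not in monitored:
        return False
    return serial_newer(fetched_serial, known_serials[parsed[1]])
```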

Examples

There are four example scripts described in the manual:

metazone allows you to use standard DNS mechanisms - AXFR, IXFR, NOTIFY, UPDATE - to control the configuration of multiple name servers, instead of using a separate out-of-band distribution system.

nsnotify2git records the history of changes to a set of zones.

nsnotify2stealth uses nsnotify-liststealth and nsnotify to notify stealth secondaries so they get updates faster.

nsnotify2update uses nsdiff and nsupdate as part of a bump-in-the-wire DNSSEC signer.

Documentation

To read the nsnotifyd manual, run

    $ man ./nsnotifyd.1

There are HTML versions of the manual pages:

The nsnotifyd homepage is https://dotat.at/prog/nsnotifyd/

Build and install

To install in your home directory,

    $ ./configure
    $ make all
    $ make install

See the top of the Makefile for variables that control the install location, for example,

    $ sudo make prefix=/usr/local install

On FreeBSD, use the nsnotifyd port or package.

Dependencies

The main requirement is the BIND-8 libc resolver. Most BSDs ship with a suitable resolver. On old Debian-like Linux you can apt install libbind4-dev (but it is no longer present in more recent distributions). Otherwise, the configure script will download libbind and build and link with it statically.

Latest release

Download the full source archives:

(Do not use GitHub's "Download ZIP" feature because it gives you a broken partial copy that contains neither dev support files nor release build output files.)

Source repositories

You can clone or browse the repository from:

Articles about nsnotifyd

And in other media...

Contributing

Please send bug reports or patches by email to me. I accept contributions made under the terms of 0BSD or MIT-0. Thanks to Gavin Brown, Niels Haarbo, Jonathan Hewlett, Dan Langille, Lars-Johann Liman, JP Mens, and Richard James Salts for helpful feedback and encouragement.

Licence

Written by Tony Finch <[email protected]> in Cambridge.

Permission is hereby granted to use, copy, modify, and/or distribute this software for any purpose with or without fee.

This software is provided 'as is', without warranty of any kind. In no event shall the authors be liable for any damages arising from the use of this software.

SPDX-License-Identifier: 0BSD OR MIT-0

This is a zero-conditions libre software licence.