The nsnotifyd daemon monitors a set of DNS zones and runs a command when any of them change. It listens for DNS NOTIFY messages so it can respond to changes promptly. It also uses each zone's SOA refresh and retry parameters to poll for updates if nsnotifyd does not receive NOTIFY messages more frequently.
Anywhere you currently have a cron job which is monitoring updates to DNS zones, you might want to run it under nsnotifyd instead of cron, so your script runs as soon as the zone changes instead of running at fixed intervals.
There is also a client program nsnotify for sending notify messages.
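As an added illustration (not code from nsnotifyd or its author), this sketch shows the wire format of a DNS NOTIFY request (RFC 1996) of the kind the daemon listens for, with the header and question checks a receiver can apply before acting on one. The helper name parse_notify, the sample packet and the zone example.org are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: NOTIFY request for example.org (hypothetical zone). */
static const uint8_t sample_notify[] = {
    0x12, 0x34, 0x24, 0x00,  /* ID; flags: QR=0, opcode=4 (NOTIFY), AA=1 */
    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* QDCOUNT=1, others 0 */
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'O', 'R', 'G', 0,
    0x00, 0x06, 0x00, 0x01,  /* QTYPE=SOA, QCLASS=IN */
};

/* Hypothetical helper: returns 0 and stores the lower-cased zone name if msg
 * is a NOTIFY request with exactly one SOA/IN question, otherwise -1. */
int parse_notify(const uint8_t *msg, size_t len, char *zone, size_t zlen)
{
    size_t p = 12, o = 0;
    if (len < 12 || zlen < 2) return -1;
    if (msg[2] & 0x80) return -1;                /* QR set: a response */
    if (((msg[2] >> 3) & 0x0f) != 4) return -1;  /* opcode is not NOTIFY */
    if (msg[4] != 0 || msg[5] != 1) return -1;   /* QDCOUNT must be 1 */
    for (;;) {
        if (p >= len) return -1;                 /* ran off the packet */
        size_t l = msg[p++];
        if (l == 0) break;                       /* root label ends the name */
        if (l > 63) return -1;                   /* reject compression pointers */
        if (p + l > len || o + l + 2 > zlen) return -1;
        while (l-- > 0) {
            uint8_t c = msg[p++];
            zone[o++] = (char)((c >= 'A' && c <= 'Z') ? c + 32 : c);
        }
        zone[o++] = '.';
    }
    if (o == 0) zone[o++] = '.';                 /* the root zone */
    zone[o] = '\0';
    if (p + 4 > len) return -1;                  /* question is truncated */
    if (msg[p] != 0 || msg[p + 1] != 6) return -1;      /* QTYPE must be SOA */
    if (msg[p + 2] != 0 || msg[p + 3] != 1) return -1;  /* QCLASS must be IN */
    return 0;
}

int main(void)
{
    char zone[256];
    int rc = parse_notify(sample_notify, sizeof sample_notify, zone, sizeof zone);
    printf("%s\n", rc == 0 ? zone : "rejected");
    return rc;
}
```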
The 2.0 release (January 2022) adds TCP support to nsnotifyd and nsnotify (for interoperability with Knot DNS), and nsnotify can now rapidly send notifications for multiple zones.
Many thanks to DK Hostmaster for sponsoring this work.
There are four example scripts described in the manual:
- metazone allows you to use standard DNS mechanisms - AXFR, IXFR, NOTIFY, UPDATE - to control the configuration of multiple name servers, instead of using a separate out-of-band distribution system.
- nsnotify2git records the history of changes to a set of zones.
- nsnotify2stealth uses nsnotify-liststealth and nsnotify to notify stealth secondaries so they get updates faster.
- nsnotify2update uses nsdiff and nsupdate as part of a bump-in-the-wire DNSSEC signer.
To read the nsnotifyd manual, run
$ man ./nsnotifyd.1
There are HTML versions of the manual pages:
- nsnotifyd.1, the daemon
- nsnotify.1, the notifier
- metazone.1, the metazone example script
- metazone.5, the metazone file format
- dumpaxfr.1, the dumpaxfr debugging utility
The nsnotifyd homepage is https://dotat.at/prog/nsnotifyd/
To install in your home directory,
$ ./configure
$ make all
$ make install
See the top of the Makefile for variables that control the install location, for example,
$ sudo make prefix=/usr/local install
On FreeBSD, use the nsnotifyd port or package.
The main requirement is the BIND-8 libc resolver. Most BSDs ship with a suitable resolver. On old Debian-like Linux you can apt install libbind4-dev (but it is no longer present in more recent distributions). Otherwise, the configure script will download libbind and build and link with it statically.
Download the full source archives:
- https://dotat.at/prog/nsnotifyd/nsnotifyd-2.1.tar.xz
- https://dotat.at/prog/nsnotifyd/nsnotifyd-2.1.tar.gz
- https://dotat.at/prog/nsnotifyd/nsnotifyd-2.1.zip
(Do not use GitHub's "Download ZIP" feature because it gives you a broken partial copy that contains neither dev support files nor release build output files.)
You can clone or browse the repository from:
- git://dotat.at/nsnotifyd.git
- https://dotat.at/cgi/git/nsnotifyd.git
- https://github.com/fanf2/nsnotifyd.git
- https://dotat.at/@/2024-06-12 nsnotifyd-2.1 announcement
- https://dotat.at/@/2022-01-25 nsnotifyd-2.0 announcement
- https://dotat.at/@/2015-07-02 nsnotifyd-1.1 announcement
- https://dotat.at/@/2015-06-15 nsnotifyd-1.0 announcement
- https://jpmens.net/2015/06/16/alert-on-dns-notify/ review by JP Mens
- https://www.theguardian.com/info/developer-blog/2016/dec/23/ how the Guardian synchronized their DNS between Dyn and AWS Route 53 with nsnotifyd
And in other media...
- TechSNAP 329: teeny weeny DNS server - video review by Dan Langille
Please send bug reports or patches by email to me. I accept contributions made under the terms of 0BSD or MIT-0. Thanks to Gavin Brown, Niels Haarbo, Jonathan Hewlett, Dan Langille, Lars-Johann Liman, JP Mens, and Richard James Salts for helpful feedback and encouragement.
Written by Tony Finch <[email protected]> in Cambridge.
Permission is hereby granted to use, copy, modify, and/or distribute this software for any purpose with or without fee.
This software is provided 'as is', without warranty of any kind. In no event shall the authors be liable for any damages arising from the use of this software.
SPDX-License-Identifier: 0BSD OR MIT-0