nsnotifyd-2.4 released

https://dotat.at/@/2026-02-24-nsnotifyd-2-4-released.html

The nsnotifyd daemon monitors a set of DNS zones and runs a command when any of them change. It listens for DNS NOTIFY messages so it can respond to changes promptly. It also uses each zone's SOA refresh and retry parameters to poll for updates if nsnotifyd does not receive NOTIFY messages more frequently. It comes with a client program nsnotify for sending notify messages.

This nsnotifyd-2.4 release includes a new feature and some bug fixes:

• The new -S option tells nsnotifyd to send all SOA queries to a specific server.

  Previously, in response to a NOTIFY message, it would send a SOA query back to the source of the NOTIFY, as specified by RFC 1996.

  (Typically, a NOTIFY will only be accepted from a known authoritative server for the zone. The target of the NOTIFY responds with a SOA refresh query and zone transfer. But it should avoid trying to refresh from one of the other authoritative servers which might not have received the latest version of the zone.)

  Mark Felder encountered a situation where it would have been more convenient to fix the address that nsnotifyd sends SOA queries to, because the source of the NOTIFY messages wasn't responding on that address.

  Since nsnotifyd is intended to work as glue between disparate parts of a system, it makes sense for it to work around awkward interoperability problems.

• The nsnotify client program was broken and unable to create NOTIFY messages. D'oh!

• I have adjusted the release process so that it works better with git archive and web front-ends that offer tarball downloads.