descriptionhandle DNS NOTIFY messages by running a command
last changeWed, 16 Dec 2015 20:31:21 +0000 (20:31 +0000)

nsnotifyd: handle DNS NOTIFY messages by running a command

The nsnotifyd daemon monitors a set of DNS zones and runs a command when any of them change. It listens for DNS NOTIFY messages so it can respond to changes promptly. It also uses each zone's SOA refresh and retry parameters to poll for updates if nsnotifyd does not receive NOTIFY messages more frequently.

Anywhere you currently have a cron job which is monitoring updates to DNS zones, you might want to run it under nsnotifyd instead of cron, so your script runs as soon as the zone changes instead of running at fixed intervals.

There is also a client program nsnotify for sending notify messages.


There are four example scripts described in the manual:

metazone allows you to use standard DNS mechanisms - AXFR, IXFR, NOTIFY, UPDATE - to control the configuration of multiple name servers, instead of using a separate out-of-band distribution system.

nsnotify2git records the history of changes to a set of zones.

nsnotify2stealth uses nsnotify-liststealth and nsnotify to notify stealth secondaries so they get updates faster.

nsnotify2update uses nsdiff and nsupdate as part of a bump-in-the-wire DNSSEC signer.


To read the nsnotifyd manual, run

    $ man ./nsnotifyd.1

or read online in plain text or PDF formats.

There are separate man pages for nsnotify in plain text or PDF, the metazone script in plain text or PDF and the metazone format in plain text or PDF.

The nsnotifyd homepage is

Build and install

To install in your home directory,

    $ ./configure
    $ make all
$ make install

See the top of the Makefile for variables that control the install location, for example,

    $ sudo make prefix=/usr/local install

You need to use GNU make to build the preformatted documentation.


The main requirement is the BIND-8 libc resolver. BSD and Mac OS ship with a sufficiently recent resolver. On a Debian-like Linux you should install libbind4-dev. Otherwise, the configure script will download libbind and build and link with it statically.

Latest release

Download the full source archives:

Source repositories

You can clone or browse the repository from:

Articles about nsnotifyd

Please send bug reports or patches to me. I accept contributions made under the terms of CC0. Thanks to JP Mens, Gavin Brown, and Richard James Salts for helpful feedback and encouragement.

Written by Tony Finch
at Cambridge University Information Services.

You may do anything with this. It has no warranty.

2015-12-16 Tony Finchnsnotifyd-1.6 master nsnotifyd-1.6
2015-11-02 Tony Finchnsnotify: fix usage message
2015-10-30 Tony Finchnsnotify2stealth: fix logfile age check.
2015-10-30 Tony Finchnsnotifyd.1: suggest unique port numbers for example...
2015-10-30 Tony Finchnsnotifyd.1: missing words
2015-10-19 Tony Finchmetazone: better citation for Vixie's paper
2015-08-11 Tony FinchPublish more man pages on the web
2015-07-28 Tony Finchnsnotifyd-1.5 nsnotifyd-1.5
2015-07-20 Tony Finchnsnotify: set RD=0 in notify messages
2015-07-20 Tony Finchnsnotifyd: update manual
2015-07-20 Tony Finchnsnotifyd: allow SOA intervals to be overridden
2015-07-20 Tony Finchnsnotifyd: add jitter to SOA refresh timing
2015-07-20 Tony Finchnsnotifyd: factor out SOA time parameter limits
2015-07-14 Tony Finchmetazone: better compatibility with Vixie metazones
2015-07-11 Tony FinchCross-references to metazone in README and nsnotifyd(1)
2015-07-11 Tony Finchmetazone: documentation
18 months ago nsnotifyd-1.6 nsnotifyd-1.6
23 months ago nsnotifyd-1.5 nsnotifyd-1.5
23 months ago nsnotifyd-1.4 nsnotifyd-1.4
23 months ago nsnotifyd-1.3 nsnotifyd-1.3
23 months ago nsnotifyd-1.2 nsnotifyd-1.2
23 months ago nsnotifyd-1.1 nsnotifyd-1.1
2 years ago nsnotifyd-1.0 nsnotifyd-1.0
2 years ago nsnotifyd-0 nsnotifyd-0
18 months ago master