Hi,
I build a docker container with nsd ( configure; make; make install )
With a very simple nsd.conf I could run nsd, do "pkill nsd" and see
zombies.
root@497d872b1c91:/# cat <<EOF > /usr/local/etc/nsd/nsd.conf
server:
database: ""
pidfile: ""
verbosity: 9
EOF
root@497d872b1c91:/# ps afx
PID TTY STAT TIME COMMAND
19 pts/0 Ss 0:00 bash
28 pts/0 R+ 0:00 \_ ps afx
1 ? Ss 0:00 /bin/sleep infinity
root@497d872b1c91:/# nsd
[2021-02-15 16:45:08.484] nsd[29]: notice: nsd starting (NSD 4.3.5)
[2021-02-15 16:45:08.484] nsd[29]: notice: listen on ip-address ::@53 (udp) with server(s): *
[2021-02-15 16:45:08.485] nsd[29]: notice: listen on ip-address ::@53 (tcp) with server(s): *
[2021-02-15 16:45:08.485] nsd[29]: notice: listen on ip-address 0.0.0.0@53 (udp) with server(s): *
[2021-02-15 16:45:08.485] nsd[29]: notice: listen on ip-address 0.0.0.0@53 (tcp) with server(s): *
root@497d872b1c91:/# sleep 10
root@497d872b1c91:/# pkill nsd
root@497d872b1c91:/# ps afx
PID TTY STAT TIME COMMAND
19 pts/0 Ss 0:00 bash
35 pts/0 R+ 0:00 \_ ps afx
1 ? Ss 0:00 /bin/sleep infinity
30 ? Zs 0:00 [nsd: xfrd] <defunct>
32 ? Z 0:00 [nsd: server 1] <defunct>
The container is started with "network-mode: none".
root@497d872b1c91:/# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
Notice that NSD logs "listen on ip-address ::@53" while IPv6 isn't
present.
Adding "do-ip6: no" to the configuration above doesn't change
anything besides NSD not listening on IPv6.
Running NSD non-forking adds some logging:
root@3ee5f805fbb9:/# nsd -d
[2021-02-15 16:55:18.077] nsd[35]: notice: nsd starting (NSD 4.3.5)
[2021-02-15 16:55:18.077] nsd[35]: notice: listen on ip-address 0.0.0.0@53 (udp) with server(s): *
[2021-02-15 16:55:18.077] nsd[35]: notice: listen on ip-address 0.0.0.0@53 (tcp) with server(s): *
[2021-02-15 16:55:18.255] nsd[36]: notice: nsd started (NSD 4.3.5), pid 35
^C[2021-02-15 16:55:21.463] nsd[36]: warning: signal received, shutting down...
[2021-02-15 16:55:21.463] nsd[36]: error: problems sending command 11 to server 37: Broken pipe
Any ideas what else I could check / what I'm doing wrong?
Andreas
On 15.02.21 at 16:56, A. Schulze via nsd-users wrote:
> I build a docker container with nsd ( configure; make; make install )
> With a very simple nsd.conf I could run nsd, do "pkill nsd" and see zombies.

I made some tests to eliminate some variables.

1. I usually run Docker on Debian. Docker is available as docker-ce, provided by the docker.com company. The upcoming Debian 11/Bullseye also provides a version built not by docker.com but by the Debian team.
   -> Switching between these two Docker versions makes no difference.

2. Docker makes it easy to run the same code on different platforms. That said, I moved a container from one docker-ce running on Debian/11 to another host with the same docker-ce running on Debian/10. Still zombies. Moving to the next host running docker-ce on Debian/9 changes the picture. No zombies anymore.

To be clear: only the host system, running the docker daemon, changed. The container image was always the same (NSD using Debian11/Bullseye libraries).

Strange ...

Andreas
Hello Andreas,

On Mon, 2021-02-15 at 16:56 +0100, A. Schulze via nsd-users wrote:
> root@497d872b1c91:/# ps afx
> PID TTY STAT TIME COMMAND
> 19 pts/0 Ss 0:00 bash
> 28 pts/0 R+ 0:00 \_ ps afx
> 1 ? Ss 0:00 /bin/sleep infinity

Exited processes always become zombies, until their parent reaps them. Usually this happens so quickly that you never even notice you had any zombies!

If the parent process of an unreaped zombie disappears, the zombie is reparented to PID 1. On 'normal' systems (i.e. not inside Docker containers), PID 1 is an init process that is ready to reap any zombie it finds. /bin/sleep infinity (even if it does contain the string 'init'!) is not such an init process.

If you pass '--init' to 'docker run', Docker will install a small init (called tini - tiny init, get it? :-) ) as PID 1 in your container, and that will reap the zombies for you. If you are not using 'docker run', consult the documentation for whatever you are using to manage your containers. I promise it will have a similar flag.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
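
Added example, not part of the thread and not code from NSD, Docker or tini: a small Python check that lists zombie processes together with the parent that has not reaped them, by parsing /proc/<pid>/stat. The sample lines are constructed to match the second "ps afx" listing above, with PPID 1 for the zombies assumed from the reparenting described in the reply; all function names are hypothetical.

```python
import os

def parse_stat(line):
    """Split one /proc/<pid>/stat line into (pid, comm, state, ppid)."""
    # comm sits in parentheses and may contain spaces or ')' itself
    # (NSD's children show up as "nsd: xfrd"), so cut at the LAST ')'.
    lpar, rpar = line.index("("), line.rindex(")")
    fields = line[rpar + 1:].split()
    return int(line[:lpar]), line[lpar + 1:rpar], fields[0], int(fields[1])

def find_zombies(stat_lines):
    """Return (pid, comm, ppid, parent_comm) for every process in state Z."""
    procs = {}
    for line in stat_lines:
        pid, comm, state, ppid = parse_stat(line)
        procs[pid] = (comm, state, ppid)
    zombies = []
    for pid, (comm, state, ppid) in sorted(procs.items()):
        if state == "Z":
            parent_comm = procs[ppid][0] if ppid in procs else "?"
            zombies.append((pid, comm, ppid, parent_comm))
    return zombies

def read_live_stats(proc_root="/proc"):
    """Read every stat line from a Linux /proc; processes may exit mid-scan."""
    lines = []
    for entry in os.listdir(proc_root):
        if entry.isdigit():
            try:
                with open(os.path.join(proc_root, entry, "stat")) as fh:
                    lines.append(fh.read())
            except OSError:
                continue
    return lines

# Constructed sample (first fields of each stat line only), modelled on the
# second "ps afx" listing in the thread; PPID 1 for the zombies is assumed.
SAMPLE = [
    "1 (sleep) S 0 1 1 0",
    "19 (bash) S 0 19 19 34816",
    "30 (nsd: xfrd) Z 1 30 30 0",
    "32 (nsd: server 1) Z 1 30 30 0",
]

if __name__ == "__main__":
    source = read_live_stats() if os.path.isdir("/proc/1") else SAMPLE
    for pid, comm, ppid, parent in find_zombies(source):
        print(f"zombie {pid} [{comm}] waits for parent {ppid} [{parent}]")
```

A zombie whose parent is PID 1 and whose PID 1 is something like "sleep" is the situation described in the reply: nothing in the container will ever call wait() on it.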