Hi,

NSD 4.5.0rc1 pre-release is available
https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz
sha256 2143268818f0f840f9fbb99a9350eaa553ee9d0b3b325851dd14a7b815b0a6e7
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz.gpg

This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.

It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.

4.5.0
===============
FEATURES:
- Merge PR #209: IXFR out
  This adds IXFR out functionality to NSD. NSD can copy IXFRs from
  upstream to downstream clients, or create IXFRs from zonefiles.
  The options store-ixfr: yes and create-ixfr: yes can be used to
  turn this on. Default is turned off. The options ixfr-number and
  ixfr-size can be used to tune the number of IXFR transfers and
  total data size stored. This is configured per zone, the IXFRs
  are served to the hosts that are allowed to perform zone transfers.
  And if TSIG is configured, signed with the same key.
  The content is stored to file if a zonefile is configured for the
  zone, in the zonefile.ixfr and zonefile.ixfr.2, .. files. They
  contain readable text format. The number of IXFRs is num.rixfr in
  statistics output, also per zone if per zone statistics are enabled.
  If offline, nsd-checkzone -i can create ixfr files.
  NSD already supports requesting IXFRs, this addition allows NSD to
  serve IXFR transfers to clients.
  NSD stops responding with NOTIMPL to IXFR requests, also for zones
  that do not have IXFR enabled. The client gets a full zone reply
  or a status reply if the serial is up to date.

BUG FIXES:
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
- Fix spelling error in comment in svcbparam_lookup_key.
- Update cirrus script FreeBSD version.

Best regards, Wouter

On 06.05.22 at 13:42, Wouter Wijngaards via nsd-users wrote:
> Hi,
>
> NSD 4.5.0rc1 pre-release is available
> https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz

Hello Wouter,

this version compiles without problems here and works in my small lab environment.

> sha256 2143268818f0f840f9fbb99a9350eaa553ee9d0b3b325851dd14a7b815b0a6e7
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz.gpg

should end with .asc, not .gpg

> This release fixes a couple of minor bugs and adds IXFR out
> functionality. With this functionality NSD can respond to IXFR queries
> and serve IXFR transfers downstream.
>
> It is default disabled,

makes sense ...

But I would like to use the moment to point to segfaults I have been seeing for years
(https://lists.nlnetlabs.nl/pipermail/nsd-users/2019-June/002699.html)
but not further discussed on this list yet.

Today I found a new data point. I use to build NSD with libev. I see failures.
I would say, they are related to process termination.
Today I rebuilt NSD with libevent and the failure goes away!

To reproduce that I wrote two Dockerfiles (attached)

$ docker build -t nsd:libevent -f Dockerfile.libevent .
...
Successfully tagged nsd:libevent

$ docker run --rm -ti nsd:libevent
[2022-05-06 21:18:42.056] nsd[1]: notice: nsd starting (NSD 4.5.0)
[2022-05-06 21:18:42.096] nsd[7]: notice: nsd started (NSD 4.5.0), pid 1
<PRESS CTRL+C>
[2022-05-06 21:18:43.979] nsd[7]: warning: signal received, shutting down...

-> this is ok

now let's build using libev

$ docker build -t nsd:libev -f Dockerfile.libev .
...
Successfully tagged nsd:libev

$ docker run --rm -ti nsd:libev
[2022-05-06 21:21:14.724] nsd[1]: notice: nsd starting (NSD 4.5.0)
[2022-05-06 21:21:14.743] nsd[7]: notice: nsd started (NSD 4.5.0), pid 1
<PRESS CTRL+C>
[2022-05-06 21:21:32.879] nsd[7]: warning: server 8 died unexpectedly, restarting
[2022-05-06 21:21:32.879] nsd[7]: warning: signal received, shutting down...
[2022-05-06 21:21:32.884] nsd[9]: error: mode bad value 2, back to service.

-> I think, this should not happen...

I mentioned process termination. I see similar segfaults if NSD as slave
receives new data via axfr. One server's log fills up with segfault messages,
but the data received via axfr are valid! The segfault seems to happen very
close to a NSD process end.

Andreas

-------------- next part --------------
# docker build -t nsd:libevent -f Dockerfile.libevent .

FROM debian:bullseye-slim AS builder

RUN apt-get --quiet --yes update
RUN apt-get --quiet --yes install --no-install-recommends \
      build-essential \
      libevent-dev \
      libssl-dev

WORKDIR /tmp/
ADD https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz .
RUN tar xzf nsd-4.5.0rc1.tar.gz --strip-component=1
RUN ./configure
RUN make
RUN make install

FROM debian:bullseye-slim

COPY --from=builder /usr/local/ /usr/local/

RUN useradd nsd \
 && install -d /etc/nsd/ \
 && install -d -o nsd /var/db/nsd/ \
 && touch /etc/nsd/nsd.conf \
 && apt-get --quiet --yes update \
 && apt-get --quiet --yes install --no-install-recommends \
      libevent-2.1 \
      libssl1.1 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

CMD [ "/usr/local/sbin/nsd", "-d" ]
-------------- next part --------------
# docker build -t nsd:libev -f Dockerfile.libev .

FROM debian:bullseye-slim AS builder

RUN apt-get --quiet --yes update
RUN apt-get --quiet --yes install --no-install-recommends \
      build-essential \
      libev-libevent-dev \
      libssl-dev

WORKDIR /tmp/
ADD https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz .
RUN tar xzf nsd-4.5.0rc1.tar.gz --strip-component=1
RUN ./configure
RUN make
RUN make install

FROM debian:bullseye-slim

COPY --from=builder /usr/local/ /usr/local/

RUN useradd nsd \
 && install -d /etc/nsd/ \
 && install -d -o nsd /var/db/nsd/ \
 && touch /etc/nsd/nsd.conf \
 && apt-get --quiet --yes update \
 && apt-get --quiet --yes install --no-install-recommends \
      libev4 \
      libssl1.1 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

CMD [ "/usr/local/sbin/nsd", "-d" ]
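
As an added example (not part of the message above and not NSD code), this script parses the log lines quoted in that message and flags "died unexpectedly" events, marking those that fall close to a shutdown message. The one-second window and the field names in the report are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the libev run quoted in the message above.
SAMPLE_LOG = """\
[2022-05-06 21:21:14.724] nsd[1]: notice: nsd starting (NSD 4.5.0)
[2022-05-06 21:21:14.743] nsd[7]: notice: nsd started (NSD 4.5.0), pid 1
[2022-05-06 21:21:32.879] nsd[7]: warning: server 8 died unexpectedly, restarting
[2022-05-06 21:21:32.879] nsd[7]: warning: signal received, shutting down...
[2022-05-06 21:21:32.884] nsd[9]: error: mode bad value 2, back to service.
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\] "
    r"nsd\[(?P<pid>\d+)\]: (?P<level>\w+): (?P<msg>.*)$"
)
DIED_RE = re.compile(r"server (\d+) died unexpectedly")
SHUTDOWN_MARK = "signal received, shutting down"


def parse(log_text):
    """Yield (timestamp, pid, level, message) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield ts, int(m["pid"]), m["level"], m["msg"]


def child_deaths(log_text, window=timedelta(seconds=1)):
    """List unexpected server deaths and whether each coincides with shutdown.

    A death within `window` of a shutdown message is tagged "at-shutdown"
    (the pattern reported in the thread); any other is "in-service".
    """
    events = list(parse(log_text))
    shutdowns = [ts for ts, _, _, msg in events if SHUTDOWN_MARK in msg]
    report = []
    for ts, pid, _, msg in events:
        m = DIED_RE.search(msg)
        if m:
            near = any(abs(ts - s) <= window for s in shutdowns)
            report.append({"time": ts, "logged_by": pid,
                           "server": int(m.group(1)),
                           "phase": "at-shutdown" if near else "in-service"})
    return report
```

Run over the libevent log from the same message, `child_deaths` returns an empty list; a death reported with no shutdown message nearby is tagged "in-service" and is the case that warrants an alert.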

Hi,

NSD 4.5.0 is available
https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0.tar.gz
sha256 5ae7a704ab92c8a49f3c8f3a29565ce194c51a721c29c75ea7d43c13372d79c5
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0.tar.gz.asc

This release fixes a couple of minor bugs and adds IXFR out
functionality. With this functionality NSD can respond to IXFR queries
and serve IXFR transfers downstream.

It is default disabled, that means it does not store IXFR contents for
zones by default. The response on the wire is different, also with IXFR
disabled, because it is now supported, and thus also for those zones a
reply is served, that no differential data is available.

4.5.0
===============
FEATURES:
- Merge PR #209: IXFR out
  This adds IXFR out functionality to NSD. NSD can copy IXFRs from
  upstream to downstream clients, or create IXFRs from zonefiles.
  The options store-ixfr: yes and create-ixfr: yes can be used to
  turn this on. Default is turned off. The options ixfr-number and
  ixfr-size can be used to tune the number of IXFR transfers and
  total data size stored. This is configured per zone, the IXFRs
  are served to the hosts that are allowed to perform zone transfers.
  And if TSIG is configured, signed with the same key.
  The content is stored to file if a zonefile is configured for the
  zone, in the zonefile.ixfr and zonefile.ixfr.2, .. files. They
  contain readable text format. The number of IXFRs is num.rixfr in
  statistics output, also per zone if per zone statistics are enabled.
  If offline, nsd-checkzone -i can create ixfr files.
  NSD already supports requesting IXFRs, this addition allows NSD to
  serve IXFR transfers to clients.
  NSD stops responding with NOTIMPL to IXFR requests, also for zones
  that do not have IXFR enabled. The client gets a full zone reply
  or a status reply if the serial is up to date.

BUG FIXES:
- Fix code analyzer zero divide warning.
- Fix code analyzer large value with assertion.
- Fix another code analyzer zero divide warning.
- Fix code analyzer warning about uninitialized temp storage in loop.
- Fix spelling error in comment in svcbparam_lookup_key.
- Update cirrus script FreeBSD version.

Best regards, Wouter