Hi,

I'm having a number of problems with my NSD 3. I am trying to serve SE, as an AXFR client, with the following config file: (some obfuscation performed..)

server:
    # uncomment to specify specific interfaces to bind (default all).
    ip-address: 192.36.125.102
    ip-address: 127.0.0.1
    ip-address: ::1

    # enable debug mode for nsd, does not fork daemon process.
    # (debug mode disables slave zone functionalities)
    # debug-mode: no

    # ip4-only: no
    # ip6-only: no

    # the database to use
    database: "/var/nsd/nsd.db"

    # identify the server (CH TXT ID.SERVER entry).
    identity: "F.NS.SE"

    # log messages to file. Default to stderr and syslog.
    logfile: "/var/nsd/nsd.log"

    # Number of NSD servers to fork.
    # server-count: 1

    # Maximum number of concurrent TCP connections per server.
    # tcp-count: 10

    # File to store pid for nsd in.
    pidfile: "/var/run/nsd.pid"

    # port to answer queries on. default is 53.
    port: 53

    # statistics are produced every number of seconds.
    statistics: 300

    # After binding socket, drop user privileges.
    # can be a username, id or id.gid.
    username: nsd

    # The directory for zonefile: files.
    zonesdir: /var/nsd

    # The file where incoming zone transfers are stored.
    # run nsd-patch to update zone files, then you can safely delete it.
    difffile: "/var/nsd/ixfr.db"

    # The file where secondary zone refresh and expire timeouts are kept.
    # If you delete this file, all secondary zones are forced to be
    # 'refreshing' (as if nsd got a notify).
    xfrdfile: "/var/nsd/xfrd.state"

    # Number of seconds between reloads triggered by xfrd.
    # xfrd-reload-timeout: 10

# Sample zone 1
zone:
    name: "se"
    zonefile: "/var/nsd/se.zone"

    # This is a slave zone. Masters are listed below.
    allow-notify: 192.0.2.47 secret-key
    request-xfr: 192.0.2.47 secret-key
    allow-notify: 192.0.2.11 secret-key
    request-xfr: 192.0.2.11 secret-key

    # uncomment to provide AXFR to all the world
    provide-xfr: 192.36.125.0/24 secret-key

    # for nsdc
    allow-notify: ::1 NOKEY
    allow-notify: 127.0.0.1 NOKEY

key:
    name: secret-key
    algorithm: hmac-md5
    secret: "DEADBEEFDEADBEEF"

The symptoms are that even when I'm manually triggering updates (nsdc update) there is no zone update performed. The masters are said to be sending notifies. The only way I can get new zones in is by stopping NSD, and removing old data files. Very little is logged, no notifies, nothing.

A 'bash -x nsdc update' yields:

ash-3.00# bash -x nsdc update
+ ulimit -m unlimited
+ ulimit -d unlimited
+ configfile=/etc/nsd/nsd.conf
+ sbindir=/usr/local/sbin
+ ZONEC_VERBOSE=-v
+ test xupdate = x-c
+ nsd_checkconf+ '[' -e /usr/local/sbin/nsd-checkconf ']'
+ nsd_checkconf=/usr/local/sbin/nsd-checkconf
+ /usr/local/sbin/nsd-checkconf /etc/nsd/nsd.conf
+ test 0 -ne 0
++ /usr/local/sbin/nsd-checkconf -o database /etc/nsd/nsd.conf
+ dbfile=/var/nsd/nsd.db
++ /usr/local/sbin/nsd-checkconf -o pidfile /etc/nsd/nsd.conf
+ pidfile=/var/run/nsd.pid
+ lockfile=/var/nsd/nsd.db.lock
++ dirname /usr/local/sbin/nsd-checkconf
+ sbindir=/usr/local/sbin
+ noclobber_set='set -C'
+ echo /usr/pkg/bin/bash
+ grep tcsh
+ case "$1" in
+ echo 'Sending notify to localhost to update secondary zones...'
Sending notify to localhost to update secondary zones...
+ '[' -s /var/run/nsd.pid ']'
++ /usr/local/sbin/nsd-checkconf -o zones /etc/nsd/nsd.conf
+ zoneslist=se
+ for zonename in '${zoneslist}'
++ /usr/local/sbin/nsd-checkconf -z se -o allow-notify /etc/nsd/nsd.conf
+ notify_allow='192.0.2.47 secret-key 192.0.2.11 secret-key ::1 NOKEY 127.0.0.1 NOKEY'
+ send_updates se 192.0.2.47 secret-key 192.0.2.11 secret-key
+ local zonename=se
+ shift
++ /usr/local/sbin/nsd-checkconf -o port /etc/nsd/nsd.conf
+ port=53
+ test -n 53
+ port='-p 53'
+ update_sent=no
+ (( 8 > 0 ))
+ ip_spec=192.0.2.47
+ key_spec=secret-key
+ shift 2
+ test Z192.0.2.47 = Z127.0.0.1 -o Z192.0.2.47 = Z::1
+ (( 6 > 0 ))
+ ip_spec=192.0.2.11
+ key_spec=secret-key
+ shift 2
+ test Z1192.0.2.11 = Z127.0.0.1 -o Z192.0.2.11 = Z::1
+ (( 4 > 0 ))
+ ip_spec=::1
+ key_spec=NOKEY
+ shift 2
+ test Z::1 = Z127.0.0.1 -o Z::1 = Z::1
+ secret+ test KNOKEY '!=' KNOKEY -a KNOKEY '!=' KBLOCKED
+ test KNOKEY '!=' KBLOCKED
+ /usr/local/sbin/nsd-notify -p 53 -z se ::1
+ update_sent=yes
+ (( 2 > 0 ))
+ ip_spec=127.0.0.1
+ key_spec=NOKEY
+ shift 2
+ test Z127.0.0.1 = Z127.0.0.1 -o Z127.0.0.1 = Z::1
+ secret+ test KNOKEY '!=' KNOKEY -a KNOKEY '!=' KBLOCKED
+ test KNOKEY '!=' KBLOCKED
+ /usr/local/sbin/nsd-notify -p 53 -z se 127.0.0.1
+ update_sent=yes
+ (( 0 > 0 ))
+ test yes = no
+ exit 0

Looks like it is doing the right thing. Is it correct that nsd should not log anything about that? Am I doing anything blatantly wrong?

-- 
Måns Nilsson                     Systems Specialist
+46 70 681 7204   cell                       KTHNOC
+46 8 790 6518  office                  MN1334-RIPE

We just joined the civil hair patrol!