Hello, while running nsd as a secondary nameserver with +1000 domains we discovered that the default nsdc(8) was not able to reliable restart nsd. Reason I think is that, by using the PID file, it sends it's signal to only 1 of the default 3 processes. Afterwards it only checks against this 1 process while the other 2 still may be running causing trouble on start up. The patch below fixes it for us (was tested in a lab environment with 10.000 domains). Alf --- usr.sbin/nsd/nsdc.sh.in.orig Fri Aug 10 09:37:33 2012 +++ usr.sbin/nsd/nsdc.sh.in Fri Aug 10 09:34:56 2012 @@ -188,18 +188,18 @@ try=1 while [ $try -ne 0 ]; do - if [ ${try} -gt 50 ]; then + if [ ${try} -gt 60 ]; then echo "nsdc stop failed" return 1 else if [ $try -eq 1 ]; then kill -TERM ${pid} else - kill -TERM ${pid} >/dev/null 2>&1 + pkill -TERM nsd >/dev/null 2>&1 fi # really stopped? - kill -0 ${pid} >/dev/null 2>&1 + pkill -0 nsd >/dev/null 2>&1 if [ $? -eq 0 ]; then controlled_sleep ${try} try=`expr ${try} + 1`
On 10/08/2012 14:55, Alf Schlichting wrote: Hi Alf,> while running nsd as a secondary nameserver with +1000 > domains we discovered that the default nsdc(8) was > not able to reliable restart nsd. > Reason I think is that, by using the PID file, it sends > it's signal to only 1 of the default 3 processes. > Afterwards it only checks against this 1 process while > the other 2 still may be running causing trouble on > start up. > > The patch below fixes it for us (was tested in a lab > environment with 10.000 domains).The "pkill" command is not available on all systems. Linux distros ship with it these days, and MacOS X introduced it with Mountain Lion (10.8), but it may not be available on other systems. Therefore your patch is not portable. Regards, Anand
On Fri, 10 Aug 2012, Alf Schlichting wrote:> while running nsd as a secondary nameserver with +1000 > domains we discovered that the default nsdc(8) was > not able to reliable restart nsd. > Reason I think is that, by using the PID file, it sends > it's signal to only 1 of the default 3 processes. > Afterwards it only checks against this 1 process while > the other 2 still may be running causing trouble on > start up. > > The patch below fixes it for us (was tested in a lab > environment with 10.000 domains).Aha! I have run into this as well, especially in combination with opendnssec. I had filed a bug report, but there were issues reproducing it. I'm glad I'm not crazy! Paul