Hello,
while running nsd as a secondary nameserver with +1000
domains we discovered that the default nsdc(8) was
not able to reliable restart nsd.
Reason I think is that, by using the PID file, it sends
it's signal to only 1 of the default 3 processes.
Afterwards it only checks against this 1 process while
the other 2 still may be running causing trouble on
start up.
The patch below fixes it for us (was tested in a lab
environment with 10.000 domains).
Alf
--- usr.sbin/nsd/nsdc.sh.in.orig Fri Aug 10 09:37:33 2012
+++ usr.sbin/nsd/nsdc.sh.in Fri Aug 10 09:34:56 2012
@@ -188,18 +188,18 @@
try=1
while [ $try -ne 0 ]; do
- if [ ${try} -gt 50 ]; then
+ if [ ${try} -gt 60 ]; then
echo "nsdc stop failed"
return 1
else
if [ $try -eq 1 ]; then
kill -TERM ${pid}
else
- kill -TERM ${pid} >/dev/null 2>&1
+ pkill -TERM nsd >/dev/null 2>&1
fi
# really stopped?
- kill -0 ${pid} >/dev/null 2>&1
+ pkill -0 nsd >/dev/null 2>&1
if [ $? -eq 0 ]; then
controlled_sleep ${try}
try=`expr ${try} + 1`
On 10/08/2012 14:55, Alf Schlichting wrote: Hi Alf,> while running nsd as a secondary nameserver with +1000 > domains we discovered that the default nsdc(8) was > not able to reliable restart nsd. > Reason I think is that, by using the PID file, it sends > it's signal to only 1 of the default 3 processes. > Afterwards it only checks against this 1 process while > the other 2 still may be running causing trouble on > start up. > > The patch below fixes it for us (was tested in a lab > environment with 10.000 domains).The "pkill" command is not available on all systems. Linux distros ship with it these days, and MacOS X introduced it with Mountain Lion (10.8), but it may not be available on other systems. Therefore your patch is not portable. Regards, Anand
On Fri, 10 Aug 2012, Alf Schlichting wrote:> while running nsd as a secondary nameserver with +1000 > domains we discovered that the default nsdc(8) was > not able to reliable restart nsd. > Reason I think is that, by using the PID file, it sends > it's signal to only 1 of the default 3 processes. > Afterwards it only checks against this 1 process while > the other 2 still may be running causing trouble on > start up. > > The patch below fixes it for us (was tested in a lab > environment with 10.000 domains).Aha! I have run into this as well, especially in combination with opendnssec. I had filed a bug report, but there were issues reproducing it. I'm glad I'm not crazy! Paul