Hi, NSD 4.1.14 is available: https://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.14.tar.gz sha256 bdfc61c5f3bf11febd8f4776eef1d4f2d95ed70f12f11d4eeee943c186ffd802 pgp https://www.nlnetlabs.nl/downloads/nsd/nsd-4.1.14.tar.gz.asc This version performs less zone transfer attempts, reducing load on the server. The xfrd state file has a new version number, to store the information. The new version of the file is written on exit of the daemon. 4.1.14 ===============FEATURES: - Fix #1132 for SERVFAIL zones perform backoff, and remembers the timeout on next startup. BUG FIXES: - Fix null memcpy for radixtree with single link element. - Robust fix against missing master in tcp_open for xfrd. - Fix wildcards in include: config statements with chroot enabled. - suppress compile warning in lex files. - Fix to try every master once, then wait for timeout or notify. - Save backoff timeout into xfrd.state file, this file has a higher version number now. Old files are skipped silently (causes refresh) and created as new files upon exit. - Fix restart of zone transfers when new config becomes available. Best regards, Wouter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20161208/9c218bff/attachment.bin>
Am 08.12.2016 um 09:25 schrieb W.C.A. Wijngaards:> NSD 4.1.14 is availableHello, I run a root server mirror like described in https://tools.ietf.org/html/rfc7706#appendix-B.2 on a ipv6 only host. Not sure if the behavior is new but just noticed it: Initial I start without a local "zonefile", without a database ( nsd.conf has database: "" ) and also removed xfrdfile. I expect nsd /immediately/ start fetching the zone from a master. But sometimes it take 2 minutes: Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.228.79.201 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.33.4.12 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.5.5.241 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.112.36.4 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 193.0.14.129 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.0.47.132 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10264]: xfrd: connect 192.0.32.132 failed: Network is unreachable Dec 8 20:31:55 dns nsd[10305]: nsd started (NSD 4.1.14), pid 10264 Dec 8 20:33:55 dns nsd[10264]: xfrd: zone . written received XFR packet from 2001:500:2f::f with serial 2016120801 to disk Dec 8 20:33:55 dns nsd[10264]: xfrd: zone . written received XFR packet from 2001:500:2f::f with serial 2016120801 to disk Dec 8 20:33:55 dns nsd[10264]: xfrd: zone . written received XFR packet from 2001:500:2f::f with serial 2016120801 to disk Dec 8 20:33:55 dns nsd[10264]: xfrd: zone . written received XFR packet from 2001:500:2f::f with serial 2016120801 to disk Dec 8 20:33:55 dns nsd[10264]: xfrd: zone . written received XFR packet from 2001:500:2f::f with serial 2016120801 to disk ... Dec 8 20:33:57 dns nsd[10264]: xfrd: zone . committed "received update to serial 2016120801 at 2016-12-08T20:33:57 from 2001:500:2f::f" Dec 8 20:33:57 dns nsd[10305]: zone . received update to serial 2016120801 at 2016-12-08T20:33:57 from 2001:500:2f::f of 1309648 bytes in 1.39327 seconds The next time I start with "empty" nsd, it try via ipv6 first and operate as expected. Is there any preference or a missing selection on the protocol used for zone transfer? Andreas