Hi,
NSD 4.1.21rc1 prerelease is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.1.21rc1.tar.gz
sha256 de9c4474d3a36a1da4544a1556268da3f8eefe87f1514e31d0be9f74e5c01d2f
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.1.21rc1.tar.gz.asc
This release introduces query type ANY refusal. NSD already has RRL
support that by default throttles queries, and also queries of type ANY.
But an nsd.conf option has been added, this makes NSD refuse queries of
type ANY.
The tcp-count can be higher. For more tcp service, use something like
tcp-count: 10000 or so. The fix is that tcp connections use (much) less
memory now, than in previous versions.
The memclean option is for memory checkers and code analyzers, without
the option, NSD lets the system remove memory pages with unused
resources on exit of a process, which is much faster.
4.1.21
===============FEATURES:
- --enable-memclean cleans up memory for use with memory checkers,
eg. valgrind.
- refuse-any nsd.conf option that refuses queries of type ANY.
- lower memory usage for tcp connections, so tcp-count can be
higher.
BUG FIXES:
- Fix unused variable warnings and uninit variable in statistics
printout from clang analyzer.
- Fix spelling error in xfr-inspect.
- Fix #3562: explain build error when flex missing.
- Fix buffer size warnings from compiler on filename lengths.
- Fix #4093: Release notes not using 2018.
Best regards, Wouter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20180507/ce858923/attachment.bin>
W.C.A. Wijngaards:> NSD 4.1.21rc1 prerelease is available:> This release introduces query type ANY refusal. NSD already has RRL > support that by default throttles queries, and also queries of type ANY. > But an nsd.conf option has been added, this makes NSD refuse queries of > type ANY.compiled without warnings on Debian. Running on some lab systems now... Is it intentional to refuse-any on UDP /and/ TCP? https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-06#section-4.4 Implementers SHOULD provide configuration options to allow operators to specify different behaviour over UDP and TCP. I've no idea if refuse-any will break something in my networks. But if one day something break, it would be nice to know NSD could be configured to at lease allow ANY (old behaviour) on TCP. Andreas
Hi,
NSD 4.1.21 release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.1.21.tar.gz
sha256 7858b934a07e1582079d7e724b05855380416b7fd68cdaeeca16305bd66bd2bd
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.1.21.tar.gz.asc
This release introduces query type ANY refusal. NSD already has RRL
support that by default throttles queries, and also queries of type ANY.
But an nsd.conf option has been added, this makes NSD refuse queries of
type ANY.
The tcp-count can be higher. For more tcp service, use something like
tcp-count: 10000 or so. The fix is that tcp connections use (much) less
memory now, than in previous versions.
The memclean option is for memory checkers and code analyzers, without
the option, NSD lets the system remove memory pages with unused
resources on exit of a process, which is much faster.
4.1.21
===============FEATURES:
- --enable-memclean cleans up memory for use with memory checkers,
eg. valgrind.
- refuse-any nsd.conf option that refuses queries of type ANY.
- lower memory usage for tcp connections, so tcp-count can be
higher.
BUG FIXES:
- Fix unused variable warnings and uninit variable in statistics
printout from clang analyzer.
- Fix spelling error in xfr-inspect.
- Fix #3562: explain build error when flex missing.
- Fix buffer size warnings from compiler on filename lengths.
- Fix #4093: Release notes not using 2018.
Best regards, Wouter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20180514/9e664873/attachment.bin>