On Wed, 25 Dec 2019 11:07:49 +0100
Anand Buddhdev <anandb at ripe.net> wrote:

> On 24/12/2019 22:28, richard lucassen via nsd-users wrote:
>
> > OTOH, nsd does not read its config file when receiving a HUP. It
> > would be nice if a USR2 would force a config reload in case of a
> > supervised setup. Maybe that's something for the wishlist.
>
> Well, NSD *does* re-read its config file on SIGHUP. However, it only
> reapplies those config elements that it can, such as addition or
> removal of zones. Other elements, such as the listening address and
> port, number of workers (essentially all the elements in the "server"
> section) cannot be changed on the fly, so NSD just ignores them. If
> you change any of those, you have to restart NSD.
>
> This confuses many users. It would be nice if the developers could
> indicate in the nsd.conf man page, which option requires a restart to
> take effect, and which one can be adjusted with a "reload" or
> "reconfig".

The problem is (was) that I used "include:" statements in nsd.conf to
load zone information. Apparently nsd does not reread the include files
upon a SIGHUP. I scripted everything into 1 file and a HUP rereads the
zone info now.

R.

--
richard lucassen
http://contact.xaq.nl/

On Sat, 28 Dec 2019 17:02:09 +0100
richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:

> The problem is (was) that I used "include:" statements in nsd.conf
> to load zone information. Apparently nsd does not reread the include
> files upon a SIGHUP. I scripted everything into 1 file and a HUP
> rereads the zone info now.

Wrong, I made a mistake: it does not. A SIGHUP does not make nsd reread
its config file. When using nsd-control I get an error:

# nsd-control delzone test.xaq.nl
error zone defined in nsd.conf, cannot delete it in this manner: remove it from nsd.conf yourself and repattern

The output of "nsd-checkconf -v /etc/nsd/nsd.conf":

server:
	debug-mode: no
	ip-transparent: no
	ip-freebind: no
	reuseport: no
	do-ip4: yes
	do-ip6: no
	hide-version: yes
	database: ""
	#identity:
	#version:
	#nsid:
	#logfile:
	server-count: 1
	tcp-count: 100
	tcp-query-count: 0
	tcp-timeout: 120
	tcp-mss: 0
	outgoing-tcp-mss: 0
	ipv4-edns-size: 4096
	ipv6-edns-size: 4096
	pidfile: "/var/lib/nsd/nsd.pid"
	port: "53"
	statistics: 0
	chroot: "/var/lib/nsd/"
	username: "nsd"
	zonesdir: "/var/lib/nsd/domains/"
	xfrdfile: ""
	zonelistfile: "/var/lib/nsd/zone.list"
	xfrdir: "/var/lib/nsd/tmp/"
	xfrd-reload-timeout: 1
	log-time-ascii: yes
	round-robin: yes
	verbosity: 0
	ip-address: "127.0.0.53"
	rrl-size: 1000000
	rrl-ratelimit: 200
	rrl-slip: 2
	rrl-ipv4-prefix-length: 24
	rrl-ipv6-prefix-length: 64
	rrl-whitelist-ratelimit: 2000
	zonefiles-check: yes
	zonefiles-write: 3600

remote-control:
	control-enable: yes
	control-port: 8952
	server-key-file: "/etc/nsd/nsd_server.key"
	server-cert-file: "/etc/nsd/nsd_server.pem"
	control-key-file: "/etc/nsd/nsd_control.key"
	control-cert-file: "/etc/nsd/nsd_control.pem"

zone:
	name: test.xaq.nl
	zonefile: /var/lib/nsd/domains/nl/xaq/test/zone

(and a lot of other zones)

BTW, a "control-enable: no" gives a config error.

Any hints? And perhaps some more comments on the config?

Note: this is a supervised version running under "runit"

R.

--
richard lucassen
http://contact.xaq.nl/