nsd users - Apr 2025 - NSD 4.12.0rc1 pre-release

Hi Andreas,

On 16/04/2025 23:17, A. Schulze via nsd-users wrote:
> 4. any chance, that https://github.com/NLnetLabs/nsd/pull/437 find it's
> way in 4.12?
>  ?? a similar change in active in unbound-1.23.0rc2 and works well there.
This change was heading to 4.12 but we pulled it because it was breaking 
software that implicitly sends the SOA probe over UDP.
Maybe a more lenient approach should be used, but the change needs more 
development time at the moment; not something that could be addressed 
for this release cycle.

Best regards,
-- Yorgos
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users

Am 17.04.25 um 09:58 schrieb Yorgos Thessalonikefs via
nsd-users:
> Hi Andreas,
> 
> On 16/04/2025 23:17, A. Schulze via nsd-users wrote:
>> 4. any chance, that https://github.com/NLnetLabs/nsd/pull/437 find
it's way in 4.12?
>> ??? a similar change in active in unbound-1.23.0rc2 and works well
there.
> This change was heading to 4.12 but we pulled it because it was breaking
software that implicitly sends the SOA probe over UDP.
> Maybe a more lenient approach should be used, but the change needs more
development time at the moment; not something that could be addressed for this
release cycle.
Hello Yorgos,

I added #437 to my build. It works, somehow...

I cannot imagine a scenario for any (resolver?) software to implicitly send a
SOA probe over UDP to port 853 / not port 53
Could you clarify this, please?

There is also a difference to the same solution for that problem in unbound:
While "netstat -lnpu" does not show open UDP sockets for DoT and DoH
on unbound, NSD is different:
"netstat -lnpu" shows an open Port for Do53 and DoT. Do53/UDP does
timeout on Port 853, though.

It looks like #437 works very different the the code implemented in unbound.

Andreas