search for: ixfr

Hi NSD developers, I have been experimenting with the "store-ixfr" feature in NSD. I have a configuration with: server: zonefiles-write: 0 pattern: store-ixfr: yes With this configuration, NSD transfers zones from a primary, and keeps them in RAM. When the zones are updated, it receives and stores the IXFR in RAM too. I can query NSD with the IXF...

...information and exit. .It Fl p Print the zone contents to stdout if the zone is ok. This prints the contents as it has been parsed, not literally a copy of the input, but as printed by the formatting routines in NSD, much like the .Xr nsd-control 8 command write does. .It Fl i Ar oldfile Create an IXFR from the differences between the old zone file and the new zone file. The .Ar oldfile argument to the .Fl i option is the old zonefile, the .Ar zonefile argument passed to .Nm is the new zonefile. The difference is computed between the two zonefiles by keeping one version of the zone in memory, and...

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we deleted the databases and compiled everything again with zonec (no problem). The server works fine but, when a zone for which it is a slave is modified, we...

...t=1. Zone test. is unsigned. The server had plenty of other zones plus the test. zone. Ever zones has a dedicated NSD process. The server has 40GB RAM. Without .test the server has ~20GB RAM consumption. Testing: 1. AXFR of test. zone with 5RR -> Memory consumption stable at 20GB 2. AXFR-style IXFR of test. zone with 50mio RRs (only NS records) -> memory consumption increased by ~14GB RAM to 34GB RAM 15:05:46 nsd-trial[635021]: xfrd: zone test committed "received update to serial 1690380825 at 2023-07-26T15:05:46 from xxx TSIG verified with key yyy" 15:13:53 nsd-trial[635022]: zo...

...rge #281: Proxy protocol. An implementation of PROXYv2 for NSD. It can be configured with proxy-protocol-port: portnum with the port number of the interface on which proxy traffic is handled. The interface can support proxy traffic for UDP, TCP and TLS. - Merge #301: improve the logging of ixfr fallbacks to axfr. - Merge #305: faster stats. Statistics can be gathered while a reload is in progress. BUG FIXES: - Merge #282: Improve nsd.conf man page. - Fix unused but set variable warning. - Fix #283: Compile failure in remote.c when --disable-bind8-stats and --without-ssl are specifi...

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

Hi, I'm new to NSD and would really appreciate if someone can point me to the right direction. I have like 8 NSD servers (secondary) serving around 30,000 zones. Zone updates are transferred from the primary DNS servers by AXFR/IXFR. The 8 NSD servers do not save the zones file on disk but are only held in memory. Therefore after NSD service is restarted zone transfer requests are being send to the master DNS servers. My questions are as follows 1) When zone data is not saved on file and only held in memory NSD initiates zon...

...or gcc 2.95). - Bugfix #483: Better error message in case of TSIG error. - Bugfix #485: TTL should not be greater than 2^31 - 1. - Fix RCODE when CNAME loop final answer does not exist, should return NXDOMAIN as stated by RFC 6604. - Fix --disable-full-prehash bug, where after multiple incoming IXFRs, NSEC3 can be removed unjustified. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 553 bytes Desc: OpenPGP digital signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20130204/398d277...

Hi all, we have discovered a segfault in nsd-patch when renaming slave zone in nsd config file if some data for this zone still exists in the IXFR diff database. In my case, the zone "black" was renamed to "blackinwhite": > root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c > /cage/nsd/etc/nsd-dns-slave.conf > reading database > reading updates to database > [1343043191] nsd-patch[10800]: error: xfr: zone...

...g files: named.conf: acl local-domain { 10.151.0.0/16; 127.0.0.1; }; acl interfaces { 10.151.21.4; 127.0.0.1; }; options { directory "/usr/local/etc/namedb/working/"; notify no; recursion yes; minimal-responses yes; provide-ixfr yes; request-ixfr yes; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; tkey-gssapi-keytab "/var/db/samba4/private/dns.keytab";...

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

I have used tinydns for many many years now and it has always worked very well. I like its simplicity: 1 text file is converted into a cdb database, there's no master/slave environment (all nameservers are equal) and synchronisation is done by rsync. Tinydns is run by runit, a supervise system. I'm looking at NSD now and I think I can use NSD the same way I use tinydns. The only

An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230222/50ca00eb/attachment.htm>

Andrew & Kenny - Thank You! DSN will talk to me again! I still don't have the dynamic DNS completely right, but God it sure is nice to have nslookup speaking to me again. I couldn't have done it without your help. Ok, here is the status. Like a numer of us, I have the uncanny nack of making life far too difficult for myself. You are goinng to sh!$ when you find out what my