search for: zonefil

...uch better readability and maintainability. Please let me know if you are interested. Jan .Dd December 31, 2022 .Dt NSD-CHECKZONE 8 .Os .Sh NAME .Nm nsd-checkzone .Nd check NSD zone file syntax .Sh SYNOPSIS .Nm .Op Fl hp .Op Fl i Ar oldfile .Op Fl n Ar number .Op Fl s Ar size .Ar zonename .Ar zonefile .Sh DESCRIPTION .Nm reads a DNS zone file and checks it for errors. It prints errors to stderr. On failure it exits with nonzero exit status. This is used to check files before feeding them to the .Xr nsd 8 daemon. The .Ar zonename is the zone to check, the .Ar zonefile is the file to read. .Pp Th...

...SERVER SIDE CONFIGURATION ------------------------- 1. install rsync and add something like the following to /etc/inetd.conf to run it as a daemon: rsync stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsync --daemon 2. edit /etc/rsyncd.conf like so: ---cut here--- syslog facility = daemon [zonefile] comment = zonefiles for rsync transfer path = /var/cache/bind/rsync read only = yes # see rsyncd.conf(5) for details on hosts allow specification hosts allow = a.a.a.a b.b.b.b c.c.c.c ...etc... ---cut here--- /var/cache/bind/rsync is the directory containing the rsyncable zone file(s...

Hi, I found a reproducible seg fault with a DNSSEC signed zone and overlapping config. I'm running NSD 4.10.1. Here's how to reproduce. 2 zones in nsd.conf: zone: name: "foo.com." zonefile: "/zones/foo.com.zone.signed" zone: name: "bar.foo.com." zonefile: "/zones/bar.foo.com.zone" Zone files: foo.com.zone.signed is DNSSEC signed with a record for a.bar (A record or anything) bar.foo.com.zone doesn't exist (but it's i...

Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the "--disable-radix-tree" configure option (as the e...

...ee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the "--disable-radix-tree" configure option (as the e...

...R="/etc/named/KSK" ZSKDIR="/etc/named/ZSK" ZONEDIR="/var/named/chroot/var/named" LOG="/var/named/chroot/var/log/dnssec_resign.log" MAILREC="monitor at xx" #delete old signed files rm -rf $ZONEDIR/*.signed #delete the old log rm -rf $LOG #read the zonefiles ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') for FILES in $ZONEFILES; do #remove the .zone at the end ZONE=$(echo "${FILES%.*}") #remove the old signed zone rm -rf $ZONEDIR/$ZONE.signed #Sign the zone cd $ZONEDIR dnssec-sig...

...ers at lists.nlnetlabs.nl> > Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal > > ? > > > Hi Chris, > > I'm having trouble trying to reproduce the issue locally. > > Like you I configure two zones. > > zone: > ? name: example.com. > ? zonefile: example.com.zone.signed > > zone: > ? name: bar.example.com. > ? zonefile: bar.example.com.zone > > The file bar.example.com.zone does not exist. After touching and > reloading the signed zone, no segfault occurs. I've tried with and > without the "--disable-rad...

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

...d create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org". warning: slave zone lfarkas.org with no zonefile 'lfarkas.org'(No such file or directory) will force zone transfer. zonec: processed 0 RRs in "lfarkas.org". ----------------------------------------- but the slave file is never written. so i assume the zone date is written into nsd.db, but from nsd.conf zonefile: "This att...

...GV in rbtree_find_less_equal > > > > ? > > > > > > Hi Chris, > > > > I'm having trouble trying to reproduce the issue locally. > > > > Like you I configure two zones. > > > > zone: > > ? name: example.com. > > ? zonefile: example.com.zone.signed > > > > zone: > > ? name: bar.example.com. > > ? zonefile: bar.example.com.zone > > > > The file bar.example.com.zone does not exist. After touching and > > reloading the signed zone, no segfault occurs. I've tried with and &...

...7.0.0.1 [2025-01-04 14:55:30.711] nsd[69351]: info: remote control connection authenticated [2025-01-04 14:55:30.711] nsd[69351]: info: control cmd: reload testing.internal [2025-01-04 14:55:30.712] nsd[69351]: info: remote control operation completed [2025-01-04 14:55:30.713] nsd[40839]: info: zonefile testing.internal.forward is not modified [2025-01-04 14:55:30.723] nsd[40839]: error: reload: old-main quit during quit sync ''' relevant snippets from nsd.conf: ''' server: server-count: 1 verbosity: 3 zonesdir: "/var/nsd/etc/zones/"...

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/...

...log-time-ascii: yes round-robin: yes verbosity: 0 ip-address: "127.0.0.53" rrl-size: 1000000 rrl-ratelimit: 200 rrl-slip: 2 rrl-ipv4-prefix-length: 24 rrl-ipv6-prefix-length: 64 rrl-whitelist-ratelimit: 2000 zonefiles-check: yes zonefiles-write: 3600 remote-control: control-enable: yes control-port: 8952 server-key-file: "/etc/nsd/nsd_server.key" server-cert-file: "/etc/nsd/nsd_server.pem" control-key-file: "/etc/nsd/nsd_control.key&quot...

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After reconfig nsd-control zonestatus still shows that the zone is still master: zone: 10.in-add...

...16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to come from 172.16/16 subnet. To do this, I use allow-notify in the slave config file: zone: name: "black" zonefile: "/var/nsd/zones/black.zone" allow-notify: 172.16.0.0/24 NOKEY Then I receive error message from nsd-checkconf: /etc/nsd-dns-slave.conf: zone black has allow-notify but no request-xfr items. Where can it get a zone transfer when a notify is received? /etc/nsd-dns-slave.conf: 1...

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/...

...sename(copyinstr(self- >file)),arg1); */ } syscall::write:entry /arg0==self->hostsfd/ { /* trace("Write hosts"); */ self->hostswritten=1; } syscall::close:entry /arg0==self->hostsfd && self->hostswritten==1/ { system("/usr/local/bin/regen-zonefiles"); self->hostsfd=-1 ; } Is there an easier/better way to do this, I think this script fails to detect a failed write, what is the best way to do that... Paul

...11] nsd[69351]: info: remote control connection > authenticated > [2025-01-04 14:55:30.711] nsd[69351]: info: control cmd:? reload > testing.internal > [2025-01-04 14:55:30.712] nsd[69351]: info: remote control operation > completed > [2025-01-04 14:55:30.713] nsd[40839]: info: zonefile > testing.internal.forward is not modified > [2025-01-04 14:55:30.723] nsd[40839]: error: reload: old-main quit > during quit sync > ''' > > relevant snippets from nsd.conf: > ''' > server: > ??????? server-count: 1 > ??????? verbosity: 3 &gt...

BIND has a handy feature $GENERATE directive in zone files that allows you to handle large ranges of things like PTR/A records without having to actually create long lists in very large zonefiles. This was handy for things like IPv4/v6 PTR's and matching A/AAAA records for large dynamic hosts, etc. Does NSD support any type of range generation such at this? -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/

What is the right way to add PTR records to zonefile? I have the following config. Is it syntactically correct? humaaraartha.in.? ? ? ?A? ? ? ? ?182.59.136.243 243.136.59.182.in-addr.arpa.? ? ? PTR? ? ? ?humaaraartha.in.? When I dig the latter @localhost, I'm unable to get humaaraartha.in.? Thanking you Sagar Acharya https://humaaraartha.in P...