search for: zonefiles

...ol 8 command write does. .It Fl i Ar oldfile Create an IXFR from the differences between the old zone file and the new zone file. The .Ar oldfile argument to the .Fl i option is the old zonefile, the .Ar zonefile argument passed to .Nm is the new zonefile. The difference is computed between the two zonefiles by keeping one version of the zone in memory, and another version in a temporary file. The temporary file is located in the zonefile directory. This is also where the result is written in a file with the zonefile name, ending with .Sq .ixfr . This is also where NSD reads it when IXFRs are configure...

...URATION ------------------------- 1. install rsync and add something like the following to /etc/inetd.conf to run it as a daemon: rsync stream tcp nowait root /usr/sbin/tcpd /usr/bin/rsync --daemon 2. edit /etc/rsyncd.conf like so: ---cut here--- syslog facility = daemon [zonefile] comment = zonefiles for rsync transfer path = /var/cache/bind/rsync read only = yes # see rsyncd.conf(5) for details on hosts allow specification hosts allow = a.a.a.a b.b.b.b c.c.c.c ...etc... ---cut here--- /var/cache/bind/rsync is the directory containing the rsyncable zone file(s). this should be a ded...

Hi, I found a reproducible seg fault with a DNSSEC signed zone and overlapping config. I'm running NSD 4.10.1. Here's how to reproduce. 2 zones in nsd.conf: zone: name: "foo.com." zonefile: "/zones/foo.com.zone.signed" zone: name: "bar.foo.com." zonefile: "/zones/bar.foo.com.zone" Zone files:

Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the

Hi Jeroen, Attached is the zone I used. Did you add the record for a.bar ? Ex: a.bar 300 IN NS ns.somewhere.net. Chris ________________________________ From: Jeroen Koekkoek <jeroen at nlnetlabs.nl> Sent: Tuesday, October 8, 2024 5:33 AM To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re:

...R="/etc/named/KSK" ZSKDIR="/etc/named/ZSK" ZONEDIR="/var/named/chroot/var/named" LOG="/var/named/chroot/var/log/dnssec_resign.log" MAILREC="monitor at xx" #delete old signed files rm -rf $ZONEDIR/*.signed #delete the old log rm -rf $LOG #read the zonefiles ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') for FILES in $ZONEFILES; do #remove the .zone at the end ZONE=$(echo "${FILES%.*}") #remove the old signed zone rm -rf $ZONEDIR/$ZONE.signed #Sign the zone cd $ZONEDIR dnssec-signz...

Hi Chris, I can reproduce with your zone. Thanks! Best, Jeroen On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > Hi Jeroen, > > > Attached is the zone I used. Did you add the record for a.bar ? > > > Ex: > > > a.bar ? 300 ? ? IN ?NS ? ? ?ns.somewhere.net. > > > Chris > > > > > > > > > > >

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$Z...

...log-time-ascii: yes round-robin: yes verbosity: 0 ip-address: "127.0.0.53" rrl-size: 1000000 rrl-ratelimit: 200 rrl-slip: 2 rrl-ipv4-prefix-length: 24 rrl-ipv6-prefix-length: 64 rrl-whitelist-ratelimit: 2000 zonefiles-check: yes zonefiles-write: 3600 remote-control: control-enable: yes control-port: 8952 server-key-file: "/etc/nsd/nsd_server.key" server-cert-file: "/etc/nsd/nsd_server.pem" control-key-file: "/etc/nsd/nsd_control.key"...

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to

...K" > ZONEDIR="/var/named/chroot/var/named" > LOG="/var/named/chroot/var/log/dnssec_resign.log" > MAILREC="monitor at xx" > > #delete old signed files > rm -rf $ZONEDIR/*.signed > > #delete the old log > rm -rf $LOG > > #read the zonefiles > ZONEFILES=$(ls -p $ZONEDIR | grep -v '/$' | grep -v 'dsset*') > > for FILES in $ZONEFILES; do > #remove the .zone at the end > ZONE=$(echo "${FILES%.*}") Why not just: ZONE=${FILES%.*} > #remove the old signed zone > rm -rf $ZONEDIR/$Z...

...sename(copyinstr(self- >file)),arg1); */ } syscall::write:entry /arg0==self->hostsfd/ { /* trace("Write hosts"); */ self->hostswritten=1; } syscall::close:entry /arg0==self->hostsfd && self->hostswritten==1/ { system("/usr/local/bin/regen-zonefiles"); self->hostsfd=-1 ; } Is there an easier/better way to do this, I think this script fails to detect a failed write, what is the best way to do that... Paul

BIND has a handy feature $GENERATE directive in zone files that allows you to handle large ranges of things like PTR/A records without having to actually create long lists in very large zonefiles. This was handy for things like IPv4/v6 PTR's and matching A/AAAA records for large dynamic hosts, etc. Does NSD support any type of range generation such at this? -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/

What is the right way to add PTR records to zonefile? I have the following config. Is it syntactically correct? humaaraartha.in.? ? ? ?A? ? ? ? ?182.59.136.243 243.136.59.182.in-addr.arpa.? ? ? PTR? ? ? ?humaaraartha.in.? When I dig the latter @localhost, I'm unable to get humaaraartha.in.? Thanking you Sagar Acharya https://humaaraartha.in P.S. Kindly cc me, I'm not subscribed to the

Hi Jean-Christophe, Anand's answer is entirely correct. Once 4.8.0 is released, zone files will be written once per hour by default. Best regards, Jeroen On Tue, 2023-12-05 at 10:48 +0100, Anand Buddhdev via nsd-users wrote: > On 04/12/2023 13:47, Jean-Christophe Boggio via nsd-users wrote: > > Hi Jean-Christophe, > > > When syncing between master and slaves, am I

...abase will always be created, or NEVER be created? I always wondered why I had both the .db and the zone files. After reading this first response, I was thinking I could cancel the zone files from being produced. But now, reading your reply, it appears that the nsd.db is being deprecated, and the zonefiles will be the only option. Is this correct? Cheers, Jamie