similar to: NSD 3: adding zones without restarting?

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

NSD 2.3.2 is a bugfix release. Please see the README document for configuration and installation instructions. You can download NSD from http://www.nlnetlabs.nl/nsd/ Note: we switched to SHA-1 for tarball digest. 2.3.2 ============= FEATURES: - Bug #101: add support for the SPF record. BUG FIXES: - Bug #100: replaced non-portable use of timegm(3) with portable

Hi, I've been working on a replacement for nsd-xfer/bind-xfer for the use with NSD for some evenings now, and since I believe that at least some of you do have the same problem I experienced during my transition to NSD (that is, bind-xfer is only available in BIND8, which is sometimes a little bit peeky in being compiled, plus the many invokations of that program during the regular

The primary (a BIND9) of a zone ("test.") served (as a secondary) by our nsd complains: Jul 16 17:52:45.796 notify: debug 3: zone test/IN: notify response from 192.134.7.251#53: NOTIMP After all, nsd implements the NOTIFY, it logs them and SEC parses the log file to run "nsdc update". Isn't it an error to send a NOTIMP? nsd 1.2.1

People are proposing rate-limiting built into BIND, to defend against some DoS attackes (a proposal <http://fanf.livejournal.com/122111.html> and its implementation <https://github.com/fanf2/bind-9/blob/master/doc/misc/ratelimiting>). What is the current thinking for NSD? (It is a truly open question, do not take it as "this guy requires rate-limiting in NSD".)

Hello, The NSD documentation on Catalog zones[1] states: > NSD can be a producer of catalog zones as well as a catalog zone consumer, but it is limited to process only a single consumer zone. This can be a shortcoming in some architectures, like when NSD is used as a distribution server, dynamically "collecting" domains from several primary servers (each with its own catalog zone)

hi, I noticed the build-nsdzones.pl only converts the first zone of my named.conf to nsd.zones. It also did not include either a master or notify keyword, even though my bind configuration for that zone had an also-notify keyword. Even not listing an also-notify line did not cause build-nsdzones.pl to process more then one zone. Second, I had a question about the nsd.zones format. Does the

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

Hi, I'm new to NSD and would really appreciate if someone can point me to the right direction. I have like 8 NSD servers (secondary) serving around 30,000 zones. Zone updates are transferred from the primary DNS servers by AXFR/IXFR. The 8 NSD servers do not save the zones file on disk but are only held in memory. Therefore after NSD service is restarted zone transfer requests are being

Hello, This topic has been discussed at least a couple of times in the past, but is there currently any way to make NSD ignore out-of-zone data or other errors in the zones or make NSD skip invalid zones? At least with NSD 3.2.16 or earlier any such errors cause NSD rebuild fail and thus prevent NSD from restarting. This is especially problematic in environments where NSD acts as a slave server

I'm trying to set up a machine which will be running multiple instances of NSD to serve different sets of zones from different interfaces. What I'm running into is that I can't specify different PID files to refer to on the command line. Are there any shortcuts or do I need to go write a patch? Any other implications of multiple instances? --

Robert Blayzor via nsd-users writes: > > NSD doesn't understand the GENERATE directive. You'll have to create > > your zone files using a script or template engine. > Understood but certainly not helpful with large dynamic IPv6 PTR's... > Not that dynamic hosts NEED PTR's, but would still be nice to have. lex(1) is your friend. For managing our reverse ip6

Good morning, On Tue Apr 28 2009 at 10:34:24 CEST, Jelte Jansen wrote: > We are looking into it (if only because the question comes up about once a > week now) It's been a little more than a week since the question last turned up :) I'd also like to know if any progress has been made to allow NSD to have zones added/removed on the fly, somewhat along the lines of BIND's

Hi, I have a query regarding running a manual update of nsd via: # nsdc update My NSD server is accepting notifications from two servers. From my nsd.conf: # master 1 allow-notify: X.X.X.X NOKEY request-xfr: AXFR X.X.X.X NOKEY # master 2 allow-notify: Y.Y.Y.Y NOKEY request-xfr: AXFR Y.Y.Y.Y NOKEY Are both servers sequentially queried each time

Hi all, we have discovered a segfault in nsd-patch when renaming slave zone in nsd config file if some data for this zone still exists in the IXFR diff database. In my case, the zone "black" was renamed to "blackinwhite": > root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c > /cage/nsd/etc/nsd-dns-slave.conf > reading database > reading updates to database >

On 3/20/23 13:41, Anand Buddhdev via nsd-users wrote: > Hi Robert, > > NSD doesn't understand the GENERATE directive. You'll have to create > your zone files using a script or template engine. Understood but certainly not helpful with large dynamic IPv6 PTR's... Not that dynamic hosts NEED PTR's, but would still be nice to have. -- inoc.net!rblayzor XMPP:

I wonder how to process the statistics logged by nsd. We compile with --enable-bind8-stats and I thought we would be able to reuse the Perl script that translated our BIND8 statistics to MRTG. But the script has problems, probably because nsd has several daemons, not just one, and each one is logging statistics. Aug 4 10:34:01 ns2 nsd[24573]: NSTATS 1059986041 1059979224 A=292259 NS=4886

This release is an alpha release. We are currently not planning to have a 1.4.0 stable release as we want to prioritize implementing DNSSEC first. The next stable release will then be NSD 2.0.0 with DNSSEC support. This release has some major changes: the database format is much more compact, responses are generated on-the-fly instead of being precompiled in the database, and the new

Hi, NSD 4.8.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz sha256 64f1da8f8163340f9d3b352ef8819e3c72c951fdd87cff55dc3b6a6b1ea27942 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz.asc This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it