similar to: IXFR regression in nsd 3.2.9?

Hi NSD developers, I have been experimenting with the "store-ixfr" feature in NSD. I have a configuration with: server: zonefiles-write: 0 pattern: store-ixfr: yes With this configuration, NSD transfers zones from a primary, and keeps them in RAM. When the zones are updated, it receives and stores the IXFR in RAM too. I can query NSD with the IXFR qtype, and it replies with

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

Dear authors of NSD, currently, the manpages that come with NSD are written in the traditional man(7) markup language. I am proposing to rewrite them into the semantic markup of the mdoc(7) language. I am willing to do the work. See a version of nsd-checkzone.8 below as an example. Both the man(7) and mdoc(7) languages have been around for decades, and are supported by the prevalent formatters:

Hello! I use NSD 4.7.0 self compiled: Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking

People are proposing rate-limiting built into BIND, to defend against some DoS attackes (a proposal <http://fanf.livejournal.com/122111.html> and its implementation <https://github.com/fanf2/bind-9/blob/master/doc/misc/ratelimiting>). What is the current thinking for NSD? (It is a truly open question, do not take it as "this guy requires rate-limiting in NSD".)

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

I wonder how to process the statistics logged by nsd. We compile with --enable-bind8-stats and I thought we would be able to reuse the Perl script that translated our BIND8 statistics to MRTG. But the script has problems, probably because nsd has several daemons, not just one, and each one is logging statistics. Aug 4 10:34:01 ns2 nsd[24573]: NSTATS 1059986041 1059979224 A=292259 NS=4886

Hi all, we have discovered a segfault in nsd-patch when renaming slave zone in nsd config file if some data for this zone still exists in the IXFR diff database. In my case, the zone "black" was renamed to "blackinwhite": > root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c > /cage/nsd/etc/nsd-dns-slave.conf > reading database > reading updates to database >

Hi, NSD 4.8.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz sha256 64f1da8f8163340f9d3b352ef8819e3c72c951fdd87cff55dc3b6a6b1ea27942 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz.asc This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation

Hi, I'm new to NSD and would really appreciate if someone can point me to the right direction. I have like 8 NSD servers (secondary) serving around 30,000 zones. Zone updates are transferred from the primary DNS servers by AXFR/IXFR. The 8 NSD servers do not save the zones file on disk but are only held in memory. Therefore after NSD service is restarted zone transfer requests are being

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

I copied exactly where Axel provided into atrmps.repo. I have the line: atrpms.repo:baseurl=http://dl.atrpms.net/el5-x86_64/atrpms/stable but the rpms that are being flagged as updates pretty much all have fc5 in their names. e.g.: ---> Package mplayer-fonts.noarch 4:1.0-7.at set to be updated ---> Package mplayer.i386 4:1.0-60_r23482.fc5 set to be updated ---> Package

I have used tinydns for many many years now and it has always worked very well. I like its simplicity: 1 text file is converted into a cdb database, there's no master/slave environment (all nameservers are equal) and synchronisation is done by rsync. Tinydns is run by runit, a supervise system. I'm looking at NSD now and I think I can use NSD the same way I use tinydns. The only

An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230222/50ca00eb/attachment.htm>

This release is an alpha release. We are currently not planning to have a 1.4.0 stable release as we want to prioritize implementing DNSSEC first. The next stable release will then be NSD 2.0.0 with DNSSEC support. This release has some major changes: the database format is much more compact, responses are generated on-the-fly instead of being precompiled in the database, and the new

Dear NSD users, Here is the release candidate for NSD 3.2.15. This comes with ILNP support, NSD-RRL and different TSIG initialization (it fails if it can't find no suitable algorithms, instead of can't find 'one of the'). Plus some bugfixes. The NSD-RRL implementation is based on the work by Vixie and Schryver. However, because of the code-diversity argument that is at the basis

Hi, all: This is just a note and suggestion, not a question; but I really like this system and thought it might be useful to others so I decided to share. Hope it helps someone, and comments or suggestions are always welcome. 1. Overview: Shorewall accepts traffic on ports that I consider "hostile" (i.e. ports on which I would NEVER expect to see connections) and redirects

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

NSD 2.3.2 is a bugfix release. Please see the README document for configuration and installation instructions. You can download NSD from http://www.nlnetlabs.nl/nsd/ Note: we switched to SHA-1 for tarball digest. 2.3.2 ============= FEATURES: - Bug #101: add support for the SPF record. BUG FIXES: - Bug #100: replaced non-portable use of timegm(3) with portable

On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is spinning chewing CPU. The logs show: Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily unavailable ktruss shows it getting EAGAIN from sendmmsg(2) over and over again. According to the man page: [EAGAIN|EWOULDBLOCK] The socket is marked non-blocking and the requested