similar to: Best practices to switch from BIND to NSD

This release is an alpha release. We are currently not planning to have a 1.4.0 stable release as we want to prioritize implementing DNSSEC first. The next stable release will then be NSD 2.0.0 with DNSSEC support. This release has some major changes: the database format is much more compact, responses are generated on-the-fly instead of being precompiled in the database, and the new

All, I see the following message fairly frequently in our nsd.log files: error: failed reading from tcp: Connection reset by peer A quick grep through the source code reveals that this log message comes from server.c, and can come pretty much at any time during a TCP query. Since: - This condition occurs during normal operation, and - There is nothing a server operator can do about it. I

Dear authors of NSD, currently, the manpages that come with NSD are written in the traditional man(7) markup language. I am proposing to rewrite them into the semantic markup of the mdoc(7) language. I am willing to do the work. See a version of nsd-checkzone.8 below as an example. Both the man(7) and mdoc(7) languages have been around for decades, and are supported by the prevalent formatters:

Hello, My question is not related to NSD in particular, but I have seen here on the list a lot of people that work for TLDs and other Registrars and Registry operators I thought it would be a good place to ask this question. It is about DNS though, not completely off topic :). I have encountered in my DNS studies a few name servers that let you transfer zones they are authoritative for. The

While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs. So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS. But if

On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is spinning chewing CPU. The logs show: Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily unavailable ktruss shows it getting EAGAIN from sendmmsg(2) over and over again. According to the man page: [EAGAIN|EWOULDBLOCK] The socket is marked non-blocking and the requested

Hello World, I am trying to build NSD4 on Debian Squeeze and I get the following errors when running `make`. ``` $ pwd /home/wiz/src/nsd/tags/NSD_4_0_0_imp_5 $ make [... output omitted ...] gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o configparse acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o tsig-opens 4_pton.o b64_ntop.o -lcrypto configparser.o: In

hi, At least with a recent version if it is a time sync issue nsd will do a specific log msg that. Laura, can you send over the actual configuration? (maybe replacing the key with a placeholder or rotating the keys afterwards) It sounds strange if nsd checks tsig on the notify, but allow xfr without it. Regards, Tam?s May 16, 2024 16:14:59 Anand Buddhdev via nsd-users <nsd-users at

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

Hi Christof! AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS. Regards Klaus PS: If

Hi Jean Claude, The message is printed when the bind operation failed. Why that happens is hard to say, I'd need more information for that. As the message does not say: address already in use (or similar), I'm guessing the address is not configured? Best regards, Jeroen On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users wrote: > Dear nsd Users, > kindly can

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

Dear All, Please help me understand why timestamps in logs are different from those in nsd-control zonestatus output: served-serial: "2024022603 since 2024-02-27T08:07:51" commit-serial: "2024022603 since 2024-02-27T08:07:51" Feb 26 18:47:34 slave-server nsd[780]: zone testzone.test. received update to serial 2024022603 at 2024-02-26T18:47:33 from

Hi Jeroen, I just realised that the version I use is very old -- 4.1. So first what I should do -- updating it and only then come here , asking for clarification. ??, 27 ????. 2024??. ? 14:19, Jeroen Koekkoek <jeroen at nlnetlabs.nl>: > Hi Peter, > > NSD processes updates in batches. xfrd receives the [AI]XFR and > schedules a reload for the main process, which in turn forks

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

Hi Peter, NSD processes updates in batches. xfrd receives the [AI]XFR and schedules a reload for the main process, which in turn forks new serve children. The served-serial is updated after main reports success, the commit-serial (update written to disk) is updated before the reload (to explain the serials). The difference in timestamp can be explained by the fact that NSD looks up if the serial

Per RFC 8501 seciont 2.2 https://datatracker.ietf.org/doc/html/rfc8501 I have attempted to use a wildcard on a /64 boundary within a zonefile for NSD, but it doesn't not appear to work. PTR lookups fail... tested with, ie: $ORIGIN 1.1.0.0.8.5.1.b.2.2.5.2.ip6.arpa. * PTR my.fqdn.net. Did not work... or would you have to use? (not tested) *.*.*.*.*.*.*.*.*.*.*.* PTR .... --

Hi, I'm testing: $ sudo nsd-control status version: 4.0.1 verbosity: 2 I found a loop problem with this record: * IN CNAME none ("none" means no matching record in zone and therefore match * again) Queries that use "* CNAME" will result in a loop. The response will use TCP and will be limited to 65k bytes $ dig @127.0.0.1 sdfgsfg.test.com ;; Truncated,