similar to: Unsecured zone transfers and open resolvers

Hello World, I am trying to build NSD4 on Debian Squeeze and I get the following errors when running `make`. ``` $ pwd /home/wiz/src/nsd/tags/NSD_4_0_0_imp_5 $ make [... output omitted ...] gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o configparse acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o tsig-opens 4_pton.o b64_ntop.o -lcrypto configparser.o: In

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to

An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230222/50ca00eb/attachment.htm>

Hi, NSD 4.8.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz sha256 64f1da8f8163340f9d3b352ef8819e3c72c951fdd87cff55dc3b6a6b1ea27942 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz.asc This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

I wonder how to process the statistics logged by nsd. We compile with --enable-bind8-stats and I thought we would be able to reuse the Perl script that translated our BIND8 statistics to MRTG. But the script has problems, probably because nsd has several daemons, not just one, and each one is logging statistics. Aug 4 10:34:01 ns2 nsd[24573]: NSTATS 1059986041 1059979224 A=292259 NS=4886

Hi, I'm testing: $ sudo nsd-control status version: 4.0.1 verbosity: 2 I found a loop problem with this record: * IN CNAME none ("none" means no matching record in zone and therefore match * again) Queries that use "* CNAME" will result in a loop. The response will use TCP and will be limited to 65k bytes $ dig @127.0.0.1 sdfgsfg.test.com ;; Truncated,

While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs. So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS. But if

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is spinning chewing CPU. The logs show: Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily unavailable ktruss shows it getting EAGAIN from sendmmsg(2) over and over again. According to the man page: [EAGAIN|EWOULDBLOCK] The socket is marked non-blocking and the requested

hi, At least with a recent version if it is a time sync issue nsd will do a specific log msg that. Laura, can you send over the actual configuration? (maybe replacing the key with a placeholder or rotating the keys afterwards) It sounds strange if nsd checks tsig on the notify, but allow xfr without it. Regards, Tam?s May 16, 2024 16:14:59 Anand Buddhdev via nsd-users <nsd-users at

Hello! I use NSD 4.7.0 self compiled: Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

Hi Christof! AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS. Regards Klaus PS: If

Hi Jean Claude, The message is printed when the bind operation failed. Why that happens is hard to say, I'd need more information for that. As the message does not say: address already in use (or similar), I'm guessing the address is not configured? Best regards, Jeroen On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users wrote: > Dear nsd Users, > kindly can

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

Hi, I'm new to NSD and would really appreciate if someone can point me to the right direction. I have like 8 NSD servers (secondary) serving around 30,000 zones. Zone updates are transferred from the primary DNS servers by AXFR/IXFR. The 8 NSD servers do not save the zones file on disk but are only held in memory. Therefore after NSD service is restarted zone transfer requests are being

Dear All, Please help me understand why timestamps in logs are different from those in nsd-control zonestatus output: served-serial: "2024022603 since 2024-02-27T08:07:51" commit-serial: "2024022603 since 2024-02-27T08:07:51" Feb 26 18:47:34 slave-server nsd[780]: zone testzone.test. received update to serial 2024022603 at 2024-02-26T18:47:33 from

Hi Jeroen, I just realised that the version I use is very old -- 4.1. So first what I should do -- updating it and only then come here , asking for clarification. ??, 27 ????. 2024??. ? 14:19, Jeroen Koekkoek <jeroen at nlnetlabs.nl>: > Hi Peter, > > NSD processes updates in batches. xfrd receives the [AI]XFR and > schedules a reload for the main process, which in turn forks

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it