similar to: Frequent RRL false negatives when using multiple server processes on Linux

Dear NSD users, Here is the release candidate for NSD 3.2.15. This comes with ILNP support, NSD-RRL and different TSIG initialization (it fails if it can't find no suitable algorithms, instead of can't find 'one of the'). Plus some bugfixes. The NSD-RRL implementation is based on the work by Vixie and Schryver. However, because of the code-diversity argument that is at the basis

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

Hello NSD developers, The new release candidate of NSD, with the new prometheus metrics feature, got me thinking about NSD's feature set, and how so many of its features have to be enabled at compile time. The result of of this is that NSD packages on various operating systems behave differently. I would like to propose that you adjust the build process to compile in *all* the features of

Hello, Lutz Donnerhacke implemented DNS-Dampening. http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening The implementation is available as patch for BIND9 only. He told me that there is an other method preferred by the nsd developer. It's called "Response Rate Limiting". May one describe the idea behind rate limiting and compare it with Lutz' solution? Thanks. -- Andreas

Hello! I use NSD 4.7.0 self compiled: Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking

People are proposing rate-limiting built into BIND, to defend against some DoS attackes (a proposal <http://fanf.livejournal.com/122111.html> and its implementation <https://github.com/fanf2/bind-9/blob/master/doc/misc/ratelimiting>). What is the current thinking for NSD? (It is a truly open question, do not take it as "this guy requires rate-limiting in NSD".)

Dear all, NSD 4.12.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz sha256 b9085a3fd08b8318ac30715faf1c7698099781eb3520253774a46f74386342e9 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz.asc This release introduces Prometheus metrics that can be compiled with `--enable-prometheus-metrics` and configured with `enable-metrics` (see

Hi "xfrd: failed reading tcp Operation now in progress" has recently started cropping up in my logs on an NSD secondary (pulling from a PowerDNS primary). My other secondary runs Knot and has no issues. What does the obscure message mean and (more importantly) how do I fix it ? A reboot of the host did not help and there are no updates pending. This is Debian Bookworm and NSD is from

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

Hello, NSD 4.8.0 running on FreeBSD 13.2-RELEASE-p9 and serving both plain and DNSSEC signed zones. I noticed Permission denied errors in the logs for all domains listed in nsd.conf: [2024-01-12 12:20:05.710] nsd[8655]: info: writing zone domain-plain.org to file domain-plain.org [2024-01-12 12:20:05.710] nsd[8655]: error: cannot write zone domain-plain.org file domain-plain.org~: Permission

Hello I have this problem since a week or so: The nsd daemon crashes unexpectedly and the nsd log files shows this: [1200299533] nsd[3736]: info: XSTATS 1200299533 1200298484 RR=0 RNXD=0 RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=0 SAns=40 SFwdQ=0 SDupQ=0 SErr=0 RQ=37 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0 SFail=30 SFErr=0 SNaAns=0 SNXD=0 RUQ=0 RURQ=0 RUXFR=0 RUUpd=1

Hi, I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found something strange when changing (nsd-control reconfig) one zone from: zone: name: 10.in-addr.arpa zonefile: /zones/empty.zone to zone: name: 10.in-addr.arpa request-xfr: 192.168.122.12 NOKEY allow-notify: 192.168.122.12 NOKEY zonefile: /zones/slave/10.rev and doing nsd-control reconfig. After

I am installing my first xen system (CentOS 5.3). The host system seems to be ok. I am following this tutorial: http://www.howtoforge.com/installing-xen-on-centos-5.2-i386-p2 Now I try to use virt-install to install the first guest system, but I cannot find a working install source. I have tried at least these: http://ftp.funet.fi/pub/mirrors/centos.org/5.3/isos/i386/

Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and

While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs. So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS. But if

Hi Jean Claude, The message is printed when the bind operation failed. Why that happens is hard to say, I'd need more information for that. As the message does not say: address already in use (or similar), I'm guessing the address is not configured? Best regards, Jeroen On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users wrote: > Dear nsd Users, > kindly can

Hi all, I'm running NSD 4.9.1 on OpenBSD 7.6. I recently upgraded from OpenBSD 7.5, which I believe had NSD 4.8.0 in base, and did not see this behavior prior. When I try to reload a zone using nsd-control, I am seeing an error message in my logfile: "error: reload: old-main quit during quit sync" This error does not appear to happen every time I run reload, but it does get

NSD 2.3.2 is a bugfix release. Please see the README document for configuration and installation instructions. You can download NSD from http://www.nlnetlabs.nl/nsd/ Note: we switched to SHA-1 for tarball digest. 2.3.2 ============= FEATURES: - Bug #101: add support for the SPF record. BUG FIXES: - Bug #100: replaced non-portable use of timegm(3) with portable

Hi Jeroen, Attached is the zone I used. Did you add the record for a.bar ? Ex: a.bar 300 IN NS ns.somewhere.net. Chris ________________________________ From: Jeroen Koekkoek <jeroen at nlnetlabs.nl> Sent: Tuesday, October 8, 2024 5:33 AM To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re:

Hi Chris, I can reproduce with your zone. Thanks! Best, Jeroen On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > Hi Jeroen, > > > Attached is the zone I used. Did you add the record for a.bar ? > > > Ex: > > > a.bar ? 300 ? ? IN ?NS ? ? ?ns.somewhere.net. > > > Chris > > > > > > > > > > >