similar to: High memory consumption for small AXFR

Hi, I'm new to NSD and would really appreciate if someone can point me to the right direction. I have like 8 NSD servers (secondary) serving around 30,000 zones. Zone updates are transferred from the primary DNS servers by AXFR/IXFR. The 8 NSD servers do not save the zones file on disk but are only held in memory. Therefore after NSD service is restarted zone transfer requests are being

Hi, NSD 4.8.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz sha256 64f1da8f8163340f9d3b352ef8819e3c72c951fdd87cff55dc3b6a6b1ea27942 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz.asc This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation

Hi NSD developers, I have been experimenting with the "store-ixfr" feature in NSD. I have a configuration with: server: zonefiles-write: 0 pattern: store-ixfr: yes With this configuration, NSD transfers zones from a primary, and keeps them in RAM. When the zones are updated, it receives and stores the IXFR in RAM too. I can query NSD with the IXFR qtype, and it replies with

Dear authors of NSD, currently, the manpages that come with NSD are written in the traditional man(7) markup language. I am proposing to rewrite them into the semantic markup of the mdoc(7) language. I am willing to do the work. See a version of nsd-checkzone.8 below as an example. Both the man(7) and mdoc(7) languages have been around for decades, and are supported by the prevalent formatters:

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

Hi all, we have discovered a segfault in nsd-patch when renaming slave zone in nsd config file if some data for this zone still exists in the IXFR diff database. In my case, the zone "black" was renamed to "blackinwhite": > root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c > /cage/nsd/etc/nsd-dns-slave.conf > reading database > reading updates to database >

Hello, NSD 4.8.0 running on FreeBSD 13.2-RELEASE-p9 and serving both plain and DNSSEC signed zones. I noticed Permission denied errors in the logs for all domains listed in nsd.conf: [2024-01-12 12:20:05.710] nsd[8655]: info: writing zone domain-plain.org to file domain-plain.org [2024-01-12 12:20:05.710] nsd[8655]: error: cannot write zone domain-plain.org file domain-plain.org~: Permission

I have used tinydns for many many years now and it has always worked very well. I like its simplicity: 1 text file is converted into a cdb database, there's no master/slave environment (all nameservers are equal) and synchronisation is done by rsync. Tinydns is run by runit, a supervise system. I'm looking at NSD now and I think I can use NSD the same way I use tinydns. The only

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to

An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230222/50ca00eb/attachment.htm>

Hello World, I am trying to build NSD4 on Debian Squeeze and I get the following errors when running `make`. ``` $ pwd /home/wiz/src/nsd/tags/NSD_4_0_0_imp_5 $ make [... output omitted ...] gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o configparse acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o tsig-opens 4_pton.o b64_ntop.o -lcrypto configparser.o: In

Dear NSD users, Here is the release candidate for NSD 3.2.15. This comes with ILNP support, NSD-RRL and different TSIG initialization (it fails if it can't find no suitable algorithms, instead of can't find 'one of the'). Plus some bugfixes. The NSD-RRL implementation is based on the work by Vixie and Schryver. However, because of the code-diversity argument that is at the basis

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

Hi, I have a query regarding running a manual update of nsd via: # nsdc update My NSD server is accepting notifications from two servers. From my nsd.conf: # master 1 allow-notify: X.X.X.X NOKEY request-xfr: AXFR X.X.X.X NOKEY # master 2 allow-notify: Y.Y.Y.Y NOKEY request-xfr: AXFR Y.Y.Y.Y NOKEY Are both servers sequentially queried each time

Hi, I've been working on a replacement for nsd-xfer/bind-xfer for the use with NSD for some evenings now, and since I believe that at least some of you do have the same problem I experienced during my transition to NSD (that is, bind-xfer is only available in BIND8, which is sometimes a little bit peeky in being compiled, plus the many invokations of that program during the regular

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

I wonder how to process the statistics logged by nsd. We compile with --enable-bind8-stats and I thought we would be able to reuse the Perl script that translated our BIND8 statistics to MRTG. But the script has problems, probably because nsd has several daemons, not just one, and each one is logging statistics. Aug 4 10:34:01 ns2 nsd[24573]: NSTATS 1059986041 1059979224 A=292259 NS=4886

Hello, My question is not related to NSD in particular, but I have seen here on the list a lot of people that work for TLDs and other Registrars and Registry operators I thought it would be a good place to ask this question. It is about DNS though, not completely off topic :). I have encountered in my DNS studies a few name servers that let you transfer zones they are authoritative for. The

Hello all, I'd like to have redundant DNS in our setup. But it seems that Samba 4 does not yet support AXFR with its internal DNS server. Alright, that's fine, so I figured I'd configure the system such that at the very least, a caching nameserver was sitting in front of it. However, that doesn't work; the caching nameserver (BIND 9) returns SERVFAIL, apparently because