Displaying 20 results from an estimated 6000 matches similar to: "Split-horizon question"
2013 Jul 10
4
nsd can't bind udp socket: Address already in use
Greetings,
Unbound 1.4.20
OS X 10.8.4 - Server
NSD 3.2.15
I have installed 'unbound' and it works nicely on my client (test
purpose) - Client is MacBook Air.
I have installed NSD (will be in replacement of BIND) on said client.
All is good but when i try to start NSD
Error --> nsd can't bind udp socket: address already in use.
Everything is configured to bind to 127.0.0.1.
#
2013 Mar 11
1
nsd4 process weirdness?
Hi,
I was playing with the munin plugin in nsd4 beta4, and saw some strange
errors. Directly after starting nsd on linux, I'm seeing:
$ ps ax -o pid,ppid,user,args | grep nsd
1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
$ sudo munin-run nsd_munin_memory
2003 Nov 06
2
ANNOUNCEMENT: NSD 1.4.0 alpha 1
This release is an alpha release. We are currently not planning to have a
1.4.0 stable release as we want to prioritize implementing DNSSEC first.
The next stable release will then be NSD 2.0.0 with DNSSEC support.
This release has some major changes: the database format is much more
compact, responses are generated on-the-fly instead of being precompiled in
the database, and the new
2019 Dec 28
2
tinydns to nsd
On Sat, 28 Dec 2019 17:02:09 +0100
richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:
> The problem is (was) that I used "include:" statements in nsd.conf
> to load zone information. Apparently nsd does not reread the include
> files upon a SIGHUP. I scripted everything into 1 file and a HUP
> rereads the zone info now.
Wrong, I made a mistake it
2012 Mar 05
3
IXFR regression in nsd 3.2.9?
We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the
problem "Fix denial of existence response for empty non-terminal that
looks like a NSEC3-only domain (but has data below it)." (a nasty
problem with DNSSEC). But we now have IXFR issues.
On one name server, NSD 3.2.9 works fine, zones are IXFRed and work.
On another name server, with much more zones (and big ones), we
2013 Mar 01
1
NSD compressing RP content
Hello,
while investigating a report from Jan-Piet Mens (resulting in http://wiki.powerdns.com/trac/changeset/3109), we discovered that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP content. As far as I can see, this is not allowed by RFC3597 section 4 paragraph 1/2.
PowerDNS Recursor, like Unbound and BIND, now deals with this as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless,
2012 Jun 08
2
Best practices to switch from BIND to NSD
Hi,
I'm a sys admin and currently working for a french hosting company. We
provide DNS services to our customers and at the moment we are using BIND
on Debian servers. BIND is a good software but we don't need a recursing
DNS for our public DNS, and we needed better security than what BIND provides.
So I made the suggestion to replace BIND by another DNS software.
NSD appears to be the
2012 Jul 18
4
Unsecured zone transfers and open resolvers
Hello,
My question is not related to NSD in particular, but I have seen here on
the list a lot of people that work for TLDs and other Registrars and
Registry operators I thought it would be a good place to ask this
question. It is about DNS though, not completely off topic :).
I have encountered in my DNS studies a few name servers that let you
transfer zones they are authoritative for. The
2013 Jul 10
0
Fwd: Re: nsd can't bind udp socket: Address already in use
Rick,
My apologies :)
zongo
-------- Original Message --------
Subject: Re: [nsd-users] nsd can't bind udp socket: Address already in use
Date: Wed, 10 Jul 2013 19:33:20 +0200
From: Rick van Rein (OpenFortress) <rick at openfortress.nl>
To: zongo saiba <zongosaiba at gmail.com>
zongo,
you only sent this to me?
-rick
On Jul 10, 2013, at 7:04 PM, zongo saiba
2024 Jan 11
1
support for ALIAS records
While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs.
So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS.
But if
2013 Nov 29
2
nsd 4.0 EAGAIN loop in sendmmsg(2)
On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is
spinning chewing CPU. The logs show:
Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily
unavailable
ktruss shows it getting EAGAIN from sendmmsg(2) over and over again.
According to the man page:
[EAGAIN|EWOULDBLOCK]
The socket is marked non-blocking and the requested
2024 Jan 11
1
support for ALIAS records
Hi Christof!
AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS.
Regards
Klaus
PS: If
2012 Nov 28
1
Build error of NSD4 on Debian Squeeze
Hello World,
I am trying to build NSD4 on Debian Squeeze and I get the following
errors when running `make`.
```
$ pwd
/home/wiz/src/nsd/tags/NSD_4_0_0_imp_5
$ make
[... output omitted ...]
gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o
configparse
acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o
tsig-opens
4_pton.o b64_ntop.o -lcrypto
configparser.o: In
2023 Apr 24
1
nsd issue
Hi Jean Claude,
The message is printed when the bind operation failed. Why that happens
is hard to say, I'd need more information for that. As the message does
not say: address already in use (or similar), I'm guessing the address
is not configured?
Best regards,
Jeroen
On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users
wrote:
> Dear nsd Users,
> kindly can
2024 Feb 28
1
About timestamps in logs and zonestatus
Hi Jeroen,
I just realised that the version I use is very old -- 4.1. So first what I
should do -- updating it and only then come here , asking for clarification.
??, 27 ????. 2024??. ? 14:19, Jeroen Koekkoek <jeroen at nlnetlabs.nl>:
> Hi Peter,
>
> NSD processes updates in batches. xfrd receives the [AI]XFR and
> schedules a reload for the main process, which in turn forks
2024 Jan 12
1
error: cannot write zone : Permission denied
Hello,
NSD 4.8.0 running on FreeBSD 13.2-RELEASE-p9 and serving both plain
and DNSSEC signed zones.
I noticed Permission denied errors in the logs for all domains listed
in nsd.conf:
[2024-01-12 12:20:05.710] nsd[8655]: info: writing zone
domain-plain.org to file domain-plain.org
[2024-01-12 12:20:05.710] nsd[8655]: error: cannot write zone
domain-plain.org file domain-plain.org~: Permission
2013 Jan 17
1
concepts against amplification using dnssec
Hello,
Lutz Donnerhacke implemented DNS-Dampening.
http://lutz.donnerhacke.de/eng/Blog/DNS-Dampening
The implementation is available as patch for BIND9 only.
He told me that there is an other method preferred by the nsd developer.
It's called "Response Rate Limiting".
May one describe the idea behind rate limiting and compare it with Lutz' solution?
Thanks.
--
Andreas
2024 Feb 27
1
About timestamps in logs and zonestatus
Hi Peter,
NSD processes updates in batches. xfrd receives the [AI]XFR and
schedules a reload for the main process, which in turn forks new serve
children. The served-serial is updated after main reports success, the
commit-serial (update written to disk) is updated before the reload (to
explain the serials).
The difference in timestamp can be explained by the fact that NSD looks
up if the serial
2024 Feb 27
2
About timestamps in logs and zonestatus
Dear All,
Please help me understand why timestamps in logs are different from those
in nsd-control zonestatus output:
served-serial: "2024022603 since 2024-02-27T08:07:51"
commit-serial: "2024022603 since 2024-02-27T08:07:51"
Feb 26 18:47:34 slave-server nsd[780]: zone testzone.test. received update
to serial 2024022603 at 2024-02-26T18:47:33 from
2012 Jul 18
1
allow-notify SUBNET and request-xfr inconsistency
Hi list,
We are observing strange behavior of nsd v3.2.9 acting as slave DNS server.
The environment is set up as follows:
0. We are using 172.16.0.0/16 subnet;
1. Primary Master server at 172.16.100.114;
2. Slave server at 172.16.100.115. The config file is
in /etc/nsd-dns-slave.conf;
3. There may be also other Master servers im the given subnet.
Now I want to permit DNS NOTIFY messages to