similar to: Split-horizon question

Greetings, Unbound 1.4.20 OS X 10.8.4 - Server NSD 3.2.15 I have installed 'unbound' and it works nicely on my client (test purpose) - Client is MacBook Air. I have installed NSD (will be in replacement of BIND) on said client. All is good but when i try to start NSD Error --> nsd can't bind udp socket: address already in use. Everything is configured to bind to 127.0.0.1. #

Hi, I was playing with the munin plugin in nsd4 beta4, and saw some strange errors. Directly after starting nsd on linux, I'm seeing: $ ps ax -o pid,ppid,user,args | grep nsd 1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf 1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf $ sudo munin-run nsd_munin_memory

Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and

Hi Andreas, On 16/04/2025 23:17, A. Schulze via nsd-users wrote: > 4. any chance, that https://github.com/NLnetLabs/nsd/pull/437 find it's > way in 4.12? > ?? a similar change in active in unbound-1.23.0rc2 and works well there. This change was heading to 4.12 but we pulled it because it was breaking software that implicitly sends the SOA probe over UDP. Maybe a more lenient

Hi Chris, I can reproduce with your zone. Thanks! Best, Jeroen On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > Hi Jeroen, > > > Attached is the zone I used. Did you add the record for a.bar ? > > > Ex: > > > a.bar ? 300 ? ? IN ?NS ? ? ?ns.somewhere.net. > > > Chris > > > > > > > > > > >

Hi, I found a reproducible seg fault with a DNSSEC signed zone and overlapping config. I'm running NSD 4.10.1. Here's how to reproduce. 2 zones in nsd.conf: zone: name: "foo.com." zonefile: "/zones/foo.com.zone.signed" zone: name: "bar.foo.com." zonefile: "/zones/bar.foo.com.zone" Zone files:

Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the

Hi Jeroen, Attached is the zone I used. Did you add the record for a.bar ? Ex: a.bar 300 IN NS ns.somewhere.net. Chris ________________________________ From: Jeroen Koekkoek <jeroen at nlnetlabs.nl> Sent: Tuesday, October 8, 2024 5:33 AM To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re:

This release is an alpha release. We are currently not planning to have a 1.4.0 stable release as we want to prioritize implementing DNSSEC first. The next stable release will then be NSD 2.0.0 with DNSSEC support. This release has some major changes: the database format is much more compact, responses are generated on-the-fly instead of being precompiled in the database, and the new

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

Am 17.04.25 um 09:58 schrieb Yorgos Thessalonikefs via nsd-users: > Hi Andreas, > > On 16/04/2025 23:17, A. Schulze via nsd-users wrote: >> 4. any chance, that https://github.com/NLnetLabs/nsd/pull/437 find it's way in 4.12? >> ??? a similar change in active in unbound-1.23.0rc2 and works well there. > This change was heading to 4.12 but we pulled it because it was

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

Hello, while investigating a report from Jan-Piet Mens (resulting in http://wiki.powerdns.com/trac/changeset/3109), we discovered that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP content. As far as I can see, this is not allowed by RFC3597 section 4 paragraph 1/2. PowerDNS Recursor, like Unbound and BIND, now deals with this as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless,

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

Hello, My question is not related to NSD in particular, but I have seen here on the list a lot of people that work for TLDs and other Registrars and Registry operators I thought it would be a good place to ask this question. It is about DNS though, not completely off topic :). I have encountered in my DNS studies a few name servers that let you transfer zones they are authoritative for. The

Dear all, NSD 4.12.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz sha256 b9085a3fd08b8318ac30715faf1c7698099781eb3520253774a46f74386342e9 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.12.0rc1.tar.gz.asc This release introduces Prometheus metrics that can be compiled with `--enable-prometheus-metrics` and configured with `enable-metrics` (see

Hi Andreas, On 18/04/2025 23:28, A. Schulze via nsd-users wrote: > I added #437 to my build. It works, somehow... > > I cannot imagine a scenario for any (resolver?) software to implicitly > send a SOA probe over UDP to port 853 / not port 53 > Could you clarify this, please? Unbound is an example when configured with auth zones, it will send the SOA prove over UDP before

Rick, My apologies :) zongo -------- Original Message -------- Subject: Re: [nsd-users] nsd can't bind udp socket: Address already in use Date: Wed, 10 Jul 2013 19:33:20 +0200 From: Rick van Rein (OpenFortress) <rick at openfortress.nl> To: zongo saiba <zongosaiba at gmail.com> zongo, you only sent this to me? -rick On Jul 10, 2013, at 7:04 PM, zongo saiba

While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs. So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS. But if

hi, On 2024-12-27 22:32, Fredrik Pettai via nsd-users wrote: > Hello, > > It seems our NSD secondary has triggered some sort of intermittent bug > After several weeks/months of running nsd stops forking with the new > zone data. > > A manual nsd-control transfer or even nsd-control force_transfer won?t > work, only restart of nsd solves the problem. > The only