similar to: Question about "store-ixfr"

Dear authors of NSD, currently, the manpages that come with NSD are written in the traditional man(7) markup language. I am proposing to rewrite them into the semantic markup of the mdoc(7) language. I am willing to do the work. See a version of nsd-checkzone.8 below as an example. Both the man(7) and mdoc(7) languages have been around for decades, and are supported by the prevalent formatters:

NSD 4.10.0rc1 is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.10.0rc1.tar.gz sha256 ad476e82eee5bdabc985e071cabe6a68263dd02eac6278ce2f81798b8c08f19f pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.10.0rc1.tar.gz.asc Version 4.10.0 integrates simdzone and drops the Flex+Bison zone parser. NSD used a Flex+Bison based zone parser since version 1.4.0. The parser served NSD well, but zones have

We upgraded to NSD 3.2.9 (from 3.2.8) because we encountered the problem "Fix denial of existence response for empty non-terminal that looks like a NSEC3-only domain (but has data below it)." (a nasty problem with DNSSEC). But we now have IXFR issues. On one name server, NSD 3.2.9 works fine, zones are IXFRed and work. On another name server, with much more zones (and big ones), we

Hi, NSD 4.8.0rc1 pre-release is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz sha256 64f1da8f8163340f9d3b352ef8819e3c72c951fdd87cff55dc3b6a6b1ea27942 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0rc1.tar.gz.asc This release introduces PROXYv2 support and faster statistics gathering, removes the database option and fixes bugs. The proxy protocol support is an implementation

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

Dear NSD users, Here is the release candidate for NSD 3.2.15. This comes with ILNP support, NSD-RRL and different TSIG initialization (it fails if it can't find no suitable algorithms, instead of can't find 'one of the'). Plus some bugfixes. The NSD-RRL implementation is based on the work by Vixie and Schryver. However, because of the code-diversity argument that is at the basis

Jeroen Koekkoek via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > Anand's answer is entirely correct. > > Once 4.8.0 is released, zone files will be written once per hour by > default. I'm confused now :-) Arnand said the "database" option is being removed. Does this mean the database will always be created, or NEVER be created? I always wondered why

Hi all, we have discovered a segfault in nsd-patch when renaming slave zone in nsd config file if some data for this zone still exists in the IXFR diff database. In my case, the zone "black" was renamed to "blackinwhite": > root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c > /cage/nsd/etc/nsd-dns-slave.conf > reading database > reading updates to database >

Hello! I use NSD 4.7.0 self compiled: Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking

Hi, I'm a sys admin and currently working for a french hosting company. We provide DNS services to our customers and at the moment we are using BIND on Debian servers. BIND is a good software but we don't need a recursing DNS for our public DNS, and we needed better security than what BIND provides. So I made the suggestion to replace BIND by another DNS software. NSD appears to be the

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

Hi there! I remember reading that you cannot reload new zone files on the fly and require a full restart of the nsd daemon? We are evaluating multiple DNS servers that have better performance comparing to bind, but will require quite heavy zone reload (new and existing) every 10 minutes or so. Downtime (even 1-3 secs) is not the option. Thanks!

Hi Chris, I'm having trouble trying to reproduce the issue locally. Like you I configure two zones. zone: name: example.com. zonefile: example.com.zone.signed zone: name: bar.example.com. zonefile: bar.example.com.zone The file bar.example.com.zone does not exist. After touching and reloading the signed zone, no segfault occurs. I've tried with and without the

Hi Chris, I've properly started looking into this yesterday. NSD definitely shouldn't crash, still working on that. However, the provided zone is invalid too(?) I'm not the foremost expert on NSEC3 (or even DNSSEC), but is seems an NSEC3 is missing for bar.foo.com. Empty non-terminals should still have an NSEC3 RR. (Of course, the delegation point should be at bar.foo.com. too and

Hi Jean-Christophe, Anand's answer is entirely correct. Once 4.8.0 is released, zone files will be written once per hour by default. Best regards, Jeroen On Tue, 2023-12-05 at 10:48 +0100, Anand Buddhdev via nsd-users wrote: > On 04/12/2023 13:47, Jean-Christophe Boggio via nsd-users wrote: > > Hi Jean-Christophe, > > > When syncing between master and slaves, am I

Hi Jeroen, Attached is the zone I used. Did you add the record for a.bar ? Ex: a.bar 300 IN NS ns.somewhere.net. Chris ________________________________ From: Jeroen Koekkoek <jeroen at nlnetlabs.nl> Sent: Tuesday, October 8, 2024 5:33 AM To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl> Subject: Re:

Hi Chris, I can reproduce with your zone. Thanks! Best, Jeroen On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote: > > Hi Jeroen, > > > Attached is the zone I used. Did you add the record for a.bar ? > > > Ex: > > > a.bar ? 300 ? ? IN ?NS ? ? ?ns.somewhere.net. > > > Chris > > > > > > > > > > >

On 04/12/2023 13:47, Jean-Christophe Boggio via nsd-users wrote: Hi Jean-Christophe, > When syncing between master and slaves, am I supposed to see new files > appear in the slave's "zonesdir" directory? Because, as you might > expect, I see nothing here. Is this behavior normal? From what I > understand, the slave "caches" the data in /var/lib/nsd/nsd.db

Hi, I found a reproducible seg fault with a DNSSEC signed zone and overlapping config. I'm running NSD 4.10.1. Here's how to reproduce. 2 zones in nsd.conf: zone: name: "foo.com." zonefile: "/zones/foo.com.zone.signed" zone: name: "bar.foo.com." zonefile: "/zones/bar.foo.com.zone" Zone files:

Hi list, We are observing strange behavior of nsd v3.2.9 acting as slave DNS server. The environment is set up as follows: 0. We are using 172.16.0.0/16 subnet; 1. Primary Master server at 172.16.100.114; 2. Slave server at 172.16.100.115. The config file is in /etc/nsd-dns-slave.conf; 3. There may be also other Master servers im the given subnet. Now I want to permit DNS NOTIFY messages to