Displaying 20 results from an estimated 3000 matches similar to: "query: bad tsig signature for key"
2024 May 16
1
query: bad tsig signature for key
Could someone kindly explain what "query: bad tsig signature for key" means and how to fix it ?
I have quadruple checked (a) tsig key matches both sides (b) tsig algo matches both sides.
Primary is PowerDNS 4.9.0 (from the PowerDNS repo)
Secondaries are NSD 4.6.1 (from Debian Bookworm distro repo)
The secondaries do not receive notifies from primary, instead posting the above error
2013 Feb 04
1
NSD 3.2.15 released (+RRL)
Dear NSD users,
Here is the release candidate for NSD 3.2.15. This comes with ILNP
support, NSD-RRL and different TSIG initialization (it fails if it can't
find no suitable algorithms, instead of can't find 'one of the'). Plus
some bugfixes.
The NSD-RRL implementation is based on the work by Vixie and Schryver.
However, because of the code-diversity argument that is at the basis
2024 Jan 11
1
support for ALIAS records
While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs.
So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS.
But if
2024 Feb 28
1
About timestamps in logs and zonestatus
Hi Jeroen,
I just realised that the version I use is very old -- 4.1. So first what I
should do -- updating it and only then come here , asking for clarification.
??, 27 ????. 2024??. ? 14:19, Jeroen Koekkoek <jeroen at nlnetlabs.nl>:
> Hi Peter,
>
> NSD processes updates in batches. xfrd receives the [AI]XFR and
> schedules a reload for the main process, which in turn forks
2012 Nov 28
1
Build error of NSD4 on Debian Squeeze
Hello World,
I am trying to build NSD4 on Debian Squeeze and I get the following
errors when running `make`.
```
$ pwd
/home/wiz/src/nsd/tags/NSD_4_0_0_imp_5
$ make
[... output omitted ...]
gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o
configparse
acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o
tsig-opens
4_pton.o b64_ntop.o -lcrypto
configparser.o: In
2024 Jan 11
1
support for ALIAS records
Hi Christof!
AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS.
Regards
Klaus
PS: If
2024 Feb 27
2
About timestamps in logs and zonestatus
Dear All,
Please help me understand why timestamps in logs are different from those
in nsd-control zonestatus output:
served-serial: "2024022603 since 2024-02-27T08:07:51"
commit-serial: "2024022603 since 2024-02-27T08:07:51"
Feb 26 18:47:34 slave-server nsd[780]: zone testzone.test. received update
to serial 2024022603 at 2024-02-26T18:47:33 from
2024 Feb 27
1
About timestamps in logs and zonestatus
Hi Peter,
NSD processes updates in batches. xfrd receives the [AI]XFR and
schedules a reload for the main process, which in turn forks new serve
children. The served-serial is updated after main reports success, the
commit-serial (update written to disk) is updated before the reload (to
explain the serials).
The difference in timestamp can be explained by the fact that NSD looks
up if the serial
2024 Jan 10
1
support for ALIAS records
Hello!
Does nsd support ALIAS records or is there a plan to support it somewhen in the future? I didn't find anything about this topic in conjunction with nsd. Afaik there is no RFC for it and I guess therefore nsd does not support it.
PowerDNS does for example: https://doc.powerdns.com/authoritative/guides/alias.html
Br,
Christof
-------------- next part --------------
An HTML attachment
2023 Jun 26
1
NSD reload and restart : in-memory data
Hi,
I'm new to NSD and would really appreciate if someone can point me to the
right direction.
I have like 8 NSD servers (secondary) serving around 30,000 zones.
Zone updates are transferred from the primary DNS servers by AXFR/IXFR.
The 8 NSD servers do not save the zones file on disk but are only held in
memory.
Therefore after NSD service is restarted zone transfer requests are being
2023 Apr 24
1
nsd issue
Hi Jean Claude,
The message is printed when the bind operation failed. Why that happens
is hard to say, I'd need more information for that. As the message does
not say: address already in use (or similar), I'm guessing the address
is not configured?
Best regards,
Jeroen
On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users
wrote:
> Dear nsd Users,
> kindly can
2024 Apr 25
3
NSD 4.10.0rc1 pre-release
NSD 4.10.0rc1 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.10.0rc1.tar.gz
sha256 ad476e82eee5bdabc985e071cabe6a68263dd02eac6278ce2f81798b8c08f19f
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.10.0rc1.tar.gz.asc
Version 4.10.0 integrates simdzone and drops the Flex+Bison zone
parser.
NSD used a Flex+Bison based zone parser since version 1.4.0. The parser
served NSD well, but zones have
2013 Nov 29
2
nsd 4.0 EAGAIN loop in sendmmsg(2)
On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is
spinning chewing CPU. The logs show:
Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily
unavailable
ktruss shows it getting EAGAIN from sendmmsg(2) over and over again.
According to the man page:
[EAGAIN|EWOULDBLOCK]
The socket is marked non-blocking and the requested
2023 Jul 27
1
High memory consumption for small AXFR
Hello!
I use NSD 4.7.0 self compiled:
Configure line: --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-option-checking --disable-silent-rules --libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking
2023 Jul 21
1
Adding SRV records to zone
Hi Sagar,
Are you getting a particular error?
Because the same method should work just fine in NSD. Simply open the
corresponding zone file (as configured in nsd.conf) and put that line
in there.
Best regards,
Jeroen Koekkoek
On Fri, 2023-07-21 at 09:14 +0200, Sagar Acharya via nsd-users wrote:
> How do I add SRV record to my zone file?
>
> Eg. In pdns I have
>
>
2012 Jul 18
4
Unsecured zone transfers and open resolvers
Hello,
My question is not related to NSD in particular, but I have seen here on
the list a lot of people that work for TLDs and other Registrars and
Registry operators I thought it would be a good place to ask this
question. It is about DNS though, not completely off topic :).
I have encountered in my DNS studies a few name servers that let you
transfer zones they are authoritative for. The
2013 Mar 01
1
NSD compressing RP content
Hello,
while investigating a report from Jan-Piet Mens (resulting in http://wiki.powerdns.com/trac/changeset/3109), we discovered that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP content. As far as I can see, this is not allowed by RFC3597 section 4 paragraph 1/2.
PowerDNS Recursor, like Unbound and BIND, now deals with this as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless,
2005 Dec 05
1
ANNOUNCEMENT: NSD 2.3.2 released
NSD 2.3.2 is a bugfix release.
Please see the README document for configuration and installation
instructions.
You can download NSD from http://www.nlnetlabs.nl/nsd/
Note: we switched to SHA-1 for tarball digest.
2.3.2
=============
FEATURES:
- Bug #101: add support for the SPF record.
BUG FIXES:
- Bug #100: replaced non-portable use of timegm(3) with
portable
2019 Dec 28
2
tinydns to nsd
On Sat, 28 Dec 2019 17:02:09 +0100
richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:
> The problem is (was) that I used "include:" statements in nsd.conf
> to load zone information. Apparently nsd does not reread the include
> files upon a SIGHUP. I scripted everything into 1 file and a HUP
> rereads the zone info now.
Wrong, I made a mistake it
2012 Jul 23
1
[PATCH] nsd-patch: fix segfault after renaming slave zone
Hi all,
we have discovered a segfault in nsd-patch when renaming slave zone in nsd
config file if some data for this zone still exists in the IXFR diff
database.
In my case, the zone "black" was renamed to "blackinwhite":
> root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c
> /cage/nsd/etc/nsd-dns-slave.conf
> reading database
> reading updates to database
>