Displaying 20 results from an estimated 600 matches similar to: "NSD incorrectly logging DNAME as refused?"
2024 Jul 03
3
NSD incorrectly logging DNAME as refused?
B.t.w. I've created a PR for it that resolves it (see
https://github.com/NLnetLabs/nsd/pull/346 ), but we may need to discuss
if and how to resolve it first. First I'd like to know if your
configuration is similar in that the CNAME or DNAME target does contain
an allow-query list.
Op 03-07-2024 om 10:52 schreef Willem Toorop via nsd-users:
> Hi Jamie,
>
> I can reproduce,
2013 Mar 11
1
nsd4 process weirdness?
Hi,
I was playing with the munin plugin in nsd4 beta4, and saw some strange
errors. Directly after starting nsd on linux, I'm seeing:
$ ps ax -o pid,ppid,user,args | grep nsd
1638 1 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
1641 1638 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
1647 1641 nsd /usr/sbin/nsd -c /etc/nsd/nsd.conf
$ sudo munin-run nsd_munin_memory
2005 Dec 05
1
ANNOUNCEMENT: NSD 2.3.2 released
NSD 2.3.2 is a bugfix release.
Please see the README document for configuration and installation
instructions.
You can download NSD from http://www.nlnetlabs.nl/nsd/
Note: we switched to SHA-1 for tarball digest.
2.3.2
=============
FEATURES:
- Bug #101: add support for the SPF record.
BUG FIXES:
- Bug #100: replaced non-portable use of timegm(3) with
portable
2013 Nov 29
2
nsd 4.0 EAGAIN loop in sendmmsg(2)
On NetBSD 6.99.28-CURRENT, nsd 3.2.16 works fine, however nsd 4.0.0 is
spinning chewing CPU. The logs show:
Nov 28 23:07:00 xxx nsd[466]: sendmmsg failed: Resource temporarily
unavailable
ktruss shows it getting EAGAIN from sendmmsg(2) over and over again.
According to the man page:
[EAGAIN|EWOULDBLOCK]
The socket is marked non-blocking and the requested
2023 Apr 24
1
nsd issue
Hi Jean Claude,
The message is printed when the bind operation failed. Why that happens
is hard to say, I'd need more information for that. As the message does
not say: address already in use (or similar), I'm guessing the address
is not configured?
Best regards,
Jeroen
On Fri, 2023-04-21 at 18:03 +0200, HAKIZIMANA Jean Claude via nsd-users
wrote:
> Dear nsd Users,
> kindly can
2019 Dec 28
2
tinydns to nsd
On Sat, 28 Dec 2019 17:02:09 +0100
richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:
> The problem is (was) that I used "include:" statements in nsd.conf
> to load zone information. Apparently nsd does not reread the include
> files upon a SIGHUP. I scripted everything into 1 file and a HUP
> rereads the zone info now.
Wrong, I made a mistake it
2012 Jul 18
1
allow-notify SUBNET and request-xfr inconsistency
Hi list,
We are observing strange behavior of nsd v3.2.9 acting as slave DNS server.
The environment is set up as follows:
0. We are using 172.16.0.0/16 subnet;
1. Primary Master server at 172.16.100.114;
2. Slave server at 172.16.100.115. The config file is
in /etc/nsd-dns-slave.conf;
3. There may be also other Master servers im the given subnet.
Now I want to permit DNS NOTIFY messages to
2012 Nov 28
1
Build error of NSD4 on Debian Squeeze
Hello World,
I am trying to build NSD4 on Debian Squeeze and I get the following
errors when running `make`.
```
$ pwd
/home/wiz/src/nsd/tags/NSD_4_0_0_imp_5
$ make
[... output omitted ...]
gcc -g -O2 -o nsd-checkconf answer.o axfr.o buffer.o configlexer.o
configparse
acket.o query.o rbtree.o radtree.o rdata.o region-allocator.o tsig.o
tsig-opens
4_pton.o b64_ntop.o -lcrypto
configparser.o: In
2012 Jun 08
2
Best practices to switch from BIND to NSD
Hi,
I'm a sys admin and currently working for a french hosting company. We
provide DNS services to our customers and at the moment we are using BIND
on Debian servers. BIND is a good software but we don't need a recursing
DNS for our public DNS, and we needed better security than what BIND provides.
So I made the suggestion to replace BIND by another DNS software.
NSD appears to be the
2012 Jul 23
1
[PATCH] nsd-patch: fix segfault after renaming slave zone
Hi all,
we have discovered a segfault in nsd-patch when renaming slave zone in nsd
config file if some data for this zone still exists in the IXFR diff
database.
In my case, the zone "black" was renamed to "blackinwhite":
> root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c
> /cage/nsd/etc/nsd-dns-slave.conf
> reading database
> reading updates to database
>
2006 Dec 07
1
a few more notes
hi,
while all files is owned by nsd user and nsd run as nsd the nsd.db is
still owned by root user (because the compiler run as root and create
this file as root, ok i know just it'd be better if this file is owned
by nsd too).
another strange thing is that on the slave nsd i've got such messages:
-----------------------------------------
zonec: reading zone "lfarkas.org".
2008 Jan 15
1
problem using nsd
Hello I have this problem since a week or so:
The nsd daemon crashes unexpectedly and the nsd log files shows this:
[1200299533] nsd[3736]: info: XSTATS 1200299533 1200298484 RR=0 RNXD=0
RFwdR=0 RDupR=0 RFail=0 RFErr=0 RErr=0 RAXFR=0 RLame=0 ROpts=0 SSysQ=0
SAns=40 SFwdQ=0 SDupQ=0 SErr=0 RQ=37 RIQ=0 RFwdQ=0 RDupQ=0 RTCP=0 SFwdR=0
SFail=30 SFErr=0 SNaAns=0 SNXD=0 RUQ=0 RURQ=0 RUXFR=0 RUUpd=1
2024 Jan 11
1
support for ALIAS records
While SVCB/HTTPS provides a better solution for the browsing use case, I see other use cases where ALIAS/ANAME would be ideal, notably in apex RRs.
So while fostering SVCB/HTTPS deployment is a good thing, I wouldn?t mind name server software implementing ALIAS. Including NSD, but I reckon it?s much more challenging to do due to NSD architecture than it was to implement it in PowerDNS.
But if
2013 Nov 06
1
Frequent RRL false negatives when using multiple server processes on Linux
Hi,
Please advise how to use Response Rate Limiting on a server which has
multiple NSD server processes (nsd.conf server section has server-count
> 1).
We have a problem with NSD v3.2.16 repeatedly unblocking and blocking
again a single source which is flooding positive queries at a ~steady
700 qps rate. rrl-ratelimit setting is the default 200 qps. The
unblock-block happens multiple times
2013 Oct 18
1
nsd-4.0.0b5(and rc2) and changing zone from master to slave ?
Hi,
I'm doing some quick tests with nsd-4.0.0b5 and (rc2). And found
something strange when changing (nsd-control reconfig) one
zone from:
zone:
name: 10.in-addr.arpa
zonefile: /zones/empty.zone
to
zone:
name: 10.in-addr.arpa
request-xfr: 192.168.122.12 NOKEY
allow-notify: 192.168.122.12 NOKEY
zonefile: /zones/slave/10.rev
and doing nsd-control reconfig.
After
2024 Feb 27
2
About timestamps in logs and zonestatus
Dear All,
Please help me understand why timestamps in logs are different from those
in nsd-control zonestatus output:
served-serial: "2024022603 since 2024-02-27T08:07:51"
commit-serial: "2024022603 since 2024-02-27T08:07:51"
Feb 26 18:47:34 slave-server nsd[780]: zone testzone.test. received update
to serial 2024022603 at 2024-02-26T18:47:33 from
2013 Jul 10
4
nsd can't bind udp socket: Address already in use
Greetings,
Unbound 1.4.20
OS X 10.8.4 - Server
NSD 3.2.15
I have installed 'unbound' and it works nicely on my client (test
purpose) - Client is MacBook Air.
I have installed NSD (will be in replacement of BIND) on said client.
All is good but when i try to start NSD
Error --> nsd can't bind udp socket: address already in use.
Everything is configured to bind to 127.0.0.1.
#
2024 Jul 24
2
NSD 4.10.1rc2 pre-release
Am 23.07.24 um 17:28 schrieb Jeroen Koekkoek via nsd-users:
> NSD 4.10.1rc2 pre-release is available:
no compile time warnings while building on debian bookworm/x86_64
> @bilias implemented mutual TLS authentication for zone transfers.
> Please consult the nsd.conf manual for details on the newly introduced
> configuration options tls-auth-port and tls-auth-xfr-only.
this is an nice
2024 May 17
1
query: bad tsig signature for key
hi,
At least with a recent version if it is a time sync issue nsd will do a specific log msg that.
Laura,
can you send over the actual configuration?
(maybe replacing the key with a placeholder or rotating the keys afterwards)
It sounds strange if nsd checks tsig on the notify, but allow xfr without it.
Regards,
Tam?s
May 16, 2024 16:14:59 Anand Buddhdev via nsd-users <nsd-users at
2024 Jan 11
1
support for ALIAS records
Hi Christof!
AFAIK, PowerDNS is the only open source name server that supports ALIAS. There was an idea to standardize ALIAS as "ANAME" (https://datatracker.ietf.org/doc/draft-ietf-dnsop-aname/), but the idea was dropped in favor of SVCB/HTTPS record https://datatracker.ietf.org/doc/rfc9460/. So now we have to wait until all Browser vendors implement SVCB/HTTPS.
Regards
Klaus
PS: If