<html><head></head><body>On the "nsd-control addzone/delzone": it works a bit differently from defining zones in your configuration, just as the error message says.<br><br>It is rather intended to be used with patterns. You configure a pattern in your configuration, then you tell nsd via nsd-control addzone to use a specific pattern for a specific zone. nsd keeps track of these assignments in a file, usually "/var/lib/nsd/zone.list" (configurable via "zonelistfile").<br><br>Zones can be added/removed pretty dynamically that way. What nsd does internally when receiving the addzone/delzone I haven't cared about so far.<br><br>On the config in general:<br>"server-count" should be set to the number of CPUs of the respective machine. And, if you have this set to more than 1 and run it on Linux, you might also want to consider setting "reuseport" to "yes". I have more experience with this option from a high performance unbound system, but activating this option helped improve performance by a margin of 30-40%. I think it has a similar impact on nsd when a high amount of requests has to be served.<br><br><div class="gmail_quote">On 28 December 2019 22:15:54 CET, richard lucassen via nsd-users &lt;nsd-users@lists.nlnetlabs.nl&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On Sat, 28 Dec 2019 17:02:09 +0100<br>richard lucassen via nsd-users &lt;nsd-users@lists.nlnetlabs.nl&gt; wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">The problem is (was) that I used "include:" statements in nsd.conf<br>to load zone information. Apparently nsd does not reread the include<br>files upon a SIGHUP. I scripted everything into 1 file and a HUP<br>rereads the zone info now.<br></blockquote><br>Wrong, I made a mistake, it does not. A SIGHUP does not make nsd reread<br>its config file. When using nsd-control I get an error:<br><br># nsd-control delzone test.xaq.nl<br>error zone defined in nsd.conf, cannot delete it in this manner: remove<br>it from nsd.conf yourself and repattern<br><br>The output of "nsd-checkconf -v /etc/nsd/nsd.conf":<br>server:<br> debug-mode: no<br> ip-transparent: no<br> ip-freebind: no<br> reuseport: no<br> do-ip4: yes<br> do-ip6: no<br> hide-version: yes<br> database: ""<br> #identity:<br> #version:<br> #nsid:<br> #logfile:<br> server-count: 1<br> tcp-count: 100<br> tcp-query-count: 0<br> tcp-timeout: 120<br> tcp-mss: 0<br> outgoing-tcp-mss: 0<br> ipv4-edns-size: 4096<br> ipv6-edns-size: 4096<br> pidfile: "/var/lib/nsd/nsd.pid"<br> port: "53"<br> statistics: 0<br> chroot: "/var/lib/nsd/"<br> username: "nsd"<br> zonesdir: "/var/lib/nsd/domains/"<br> xfrdfile: ""<br> zonelistfile: "/var/lib/nsd/zone.list"<br> xfrdir: "/var/lib/nsd/tmp/"<br> xfrd-reload-timeout: 1<br> log-time-ascii: yes<br> round-robin: yes<br> verbosity: 0<br> ip-address: "127.0.0.53"<br> rrl-size: 1000000<br> rrl-ratelimit: 200<br> rrl-slip: 2<br> rrl-ipv4-prefix-length: 24<br> rrl-ipv6-prefix-length: 64<br> rrl-whitelist-ratelimit: 2000<br> zonefiles-check: yes<br> zonefiles-write: 3600<br><br>remote-control:<br> control-enable: yes<br> control-port: 8952<br> server-key-file: "/etc/nsd/nsd_server.key"<br> server-cert-file: "/etc/nsd/nsd_server.pem"<br> 
control-key-file: "/etc/nsd/nsd_control.key"<br> control-cert-file: "/etc/nsd/nsd_control.pem"<br><br>zone:<br> name: test.xaq.nl<br> zonefile: /var/lib/nsd/domains/nl/xaq/test/zone<br><br>(and a lot of other zones)<br><br>BTW, a "control-enable: no" gives a config error. Any hints?<br><br>And perhaps some more comments on the config? Note: this is a<br>supervised version running under "runit"<br><br>R.<br></pre></blockquote></div></body></html>