NSD 3.0.2 Released
wouter at NLnetLabs.nl
Fri Nov 3 10:21:21 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Dear NSD users,
NSD 3.0.2 has been released. It has a selection of bug fixes to your
taste. See the release notes below for a detailed list.
The most important bug fix is the memory management. NSD 3.0.0 and NSD
3.0.1 would run out of memory when serving a big zone with many updates.
This was caused by a conscious, but with hindsight wrong, design choice.
We have fixed this issue and took time to assess the effectiveness of
the fix. We have tested that for a 200+Mb zone with gigabyte update
rates memory usage remains fine and workable with commodity hardware.
Thanks to the people that gave us access to realistic production data.
Also some issues finding relative pathnames, and finding files while
chrooted are resolved. Thanks for the help finding these bugs :-)
On the wire, replies to notify messages from the wrong IP or wrong key
are fixed to be rcode refused (was rcode notauthoritative).
*** Comments on memory usage for NSD 3.0.2.
NSD 3.0.2 needs about 100 Mb of in-core memory for every 1 million RRs
(count lines in a zone file) for the main data. During reloads in-core
memory usage doubles briefly. Current xfrd design needs swap space equal
to the main data size, and a base 3 Mb plus about 2 Kb per secondary
zone in core. Add another 2-3Mb for every server (see server-count:
option). And add some to be safe. The swapspace for xfrd is another
design issue, however, we reckon your swapspace is easier than our
More pressing for operators in this scenario is now disk space. The
received AXFR and IXFR updates are stored in ixfr.db on disk, the
specifications mandate stable storage. With gigabyte update rates, this
file grows large on disk. To cope with this filesize growth we suggest
you use a script or a cronjob to run nsdc patch, that cleans up the
temporary ixfr.db file.
9 9 * * * /usr/local/sbin/nsdc -c /etc/nsd/nsd.conf patch
*** Detailed release notes.
- Nice error from zonec on a wrong configuration zone name.
- Nicer warning from zonec when starting secondary zone with
no zone file for the first time.
- nsdc makes more portable use of 'which' (for
- Bug #143: Improved handling of zonesdir: directive and
relative pidfile, database, diff file, xfrdfile paths in
nsdc.sh and nsd-patch. They would not find the files.
- Bug #144: LOC RRtype default values for precision wrong.
- Bug #145: NSD failed to reload cases of simultaneous zone
- Bug #146: NSD fails to write to xfrdfile when chrooted. Fixed.
Also fix for difffile when chrooted.
- Bug #147: NSD runs out of memory. Fixed, memory is reused.
Occurred when running NSD with very big zones and large
- nsd -L 1 logging is smaller, -L 2 contains all debug
information. (only available for debug compiles).
- Bug #149: Fixed text for NOTAUTH error code. When notify is
not authorised REFUSED error code returned instead.
Let me know if you encounter any trouble.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the nsd-users