[nsd-users] nsd as bind slave (xfer problem)

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Feb 19 13:42:02 UTC 2009

I was apparently too brief when making my comments. I hope to clarify it
in this e-mail.

Introducing a nsdc reconfig is lots of work that needs lots of error
handling methods. One could re-read the configuration file upon nsd
reload but it must also be communicated to the xfrd process. In the
design of NSD3, IPC communication is limited as much as possible, to
limit the issues of synchronization between these two processes. For
more details of these issues, I have to refer you to Wouter, the
original implementor of NSD3.

So, reconfig requires lots of complex code with respect to error
handling and process communication that is bug prone.

However, I sense that this is a hotly wanted feature, so we will
consider it.



Matthijs Mekking wrote:
> Aaron Hopkins wrote:
>> On Mon, 16 Feb 2009, Thomas Krause wrote:
>>> Now I want to add additional slave zones to the server. But this works
>>> only with stopping and starting the nsd process. None of the other
>>> nsdc commands starts the zone transfer from the master.
>>> What is wrong?
>> As far as I know, nsd can't add or remove zones while running.  This was a
>> feature requested years ago, but I haven't seen any announcements of
>> progress on it.
> The reason for this is, is that it is required to re-read the
> configuration file. The decision was to not read the configuration file
> while running in order to minimalize security vulnerabilities.
>> This continues to be the main reason I haven't adopted nsd for production
>> use; I wasn't able to figure out a sane way to add or remove zones without
>> dropping queries.  My nameservers handle thousands of domains, and
>> something
>> gets added or removed regularly.  I don't want authoritative nameserver
>> downtime every time I do a push.  Am I missing something?
>>                                     -- Aaron
>> _______________________________________________
>> nsd-users mailing list
>> nsd-users at NLnetLabs.nl
>> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> ------------------------------------------------------------------------
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 544 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20090219/1538ad07/attachment.bin>

More information about the nsd-users mailing list