[nsd-users] nsd-notify retries?
wouter at NLnetLabs.nl
Mon Nov 28 15:41:51 UTC 2011
Hi Paul, Michael,

In NSD3, the daemon can perform notifies (with retries) for you, all in
parallel. This only happens when you have notify: configured for the
zone(s) and the serial number is updated (i.e. you nsdc rebuild && nsdc
reload, or it is a slave zone and the master is updated).

In NSD4, the same thing, but nsdc is obsolete, you have nsd-control
notify, nsd-control contacts the server over SSL and the daemon sends
notifies for one or all zones.

The daemon uses 50 sockets (or so) to do the updates, so 50 zones are
active at once, like 'make -j50 notify'. These are constants in xfrd.h
at this time, perhaps would need to be increased if you have 500000 zones.

On 11/28/2011 04:15 PM, Paul Wouters wrote:
> On Mon, 28 Nov 2011, Michael Tokarev wrote:
>> Now, the questions.
>> Should maybe nsd-notify implement the functionality of the
>> nsdc script in this case, by scanning the conffile and sending
>> all notifies to all found zones and to all nameservers just the
>> same way as `nsdc notify' does, but doing it all in parallel, not
>> one after another?
>> And, should nsd-notify wait for so long and try to do so many
>> attempts for each? Maybe do just two attempts (second within
>> a 1-second interval) and be done with it? Or maybe there should
>> be some option for that?
>> Or maybe it is better for nsd itself to send the notifies, f.e.
>> as triggered by nsd-notify - so that nsd-notify does not send
>> notifies itself but sends a trigger to a running daemon who
>> maintains list of "pending" notifications? (Probably too
>> complicated for the daemon)
>> Why nsd-notify does not detect ICMP errors which are being
>> returned by the operating system, and waits till timeout
> I agree, and have brought this up in the past. I think it has
> not been considered a high priority item because the focus of
> nsd has been more on small sets of zones like TLDs. When you run
> 100 zones with nsd and you have a name server outage, all the
> notify delays cause significant problems. Or in our case, we always
> have some half broken test zones and test servers that are not
> working causing massive delays in the init scripts.
> I think the nsd team also feels the separate nsd-notify is an
> obsolete feature, but I'm not sure if just restarting the daemon
> itself causes the built-in notify code to trigger.
> I would be happy if nsd-notify provided a "fire and forget" option,
> even willing to write the patch :)
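
Added example, not part of the original message and not NSD's own code: the behaviour discussed in this thread, sending RFC 1996 NOTIFY messages in parallel over connected UDP sockets so that ICMP errors are reported by the operating system at once instead of being waited out, with two attempts one second apart and at most 50 sockets in flight. The function names, status strings and IPv4-only `(zone, ip, port)` targets are assumptions made for the example.

```python
import os, select, socket, struct, time

def build_notify(zone, msg_id):
    """RFC 1996 NOTIFY: opcode 4, AA set, a single SOA/IN question for the zone."""
    header = struct.pack("!HHHHHH", msg_id, (4 << 11) | 0x0400, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def notify_all(targets, attempts=2, interval=1.0, max_sockets=50):
    """targets: list of unique (zone, ipv4, port) tuples. Returns {target: status}:
    'acked', 'unreachable' (OS reported an error, e.g. ECONNREFUSED from an
    ICMP port unreachable), 'bad-reply' or 'timeout'."""
    results = {}
    for start in range(0, len(targets), max_sockets):   # at most max_sockets in flight
        pending = {}
        for target in targets[start:start + max_sockets]:
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            sock.setblocking(False)
            sock.connect(target[1:])  # connected UDP: ICMP errors are delivered to this socket
            msg_id = int.from_bytes(os.urandom(2), "big")
            pending[sock] = (target, build_notify(target[0], msg_id))
        for _ in range(attempts):
            for sock, (target, pkt) in list(pending.items()):
                try:
                    sock.send(pkt)
                except OSError:       # typically the error left behind by the previous attempt
                    results[target] = "unreachable"
                    sock.close()
                    del pending[sock]
            deadline = time.monotonic() + interval
            while pending and (left := deadline - time.monotonic()) > 0:
                for sock in select.select(list(pending), [], [], left)[0]:
                    target, pkt = pending.pop(sock)
                    try:
                        reply = sock.recv(512)
                        # A valid answer echoes our ID and has the QR (response) bit set.
                        ok = len(reply) >= 3 and reply[:2] == pkt[:2] and reply[2] & 0x80
                        results[target] = "acked" if ok else "bad-reply"
                    except OSError:   # pending socket error makes the socket readable
                        results[target] = "unreachable"
                    sock.close()
        for sock, (target, _) in pending.items():        # never answered: give up
            results[target] = "timeout"
            sock.close()
    return results
```

The total wait per batch is bounded by `attempts * interval`, regardless of how many servers in the batch are down.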