[nsd-users] nsd-notify retries?

W.C.A. Wijngaards wouter at NLnetLabs.nl
Mon Nov 28 16:08:12 UTC 2011


Hi Michael,

On 11/28/2011 04:58 PM, Michael Tokarev wrote:
> 28.11.2011 19:41, W.C.A. Wijngaards wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Paul, Michael,
>>
>> In NSD3, the daemon can perform notifies (with retries) for you, all in
>> parallel.  This only happens when you have notify: configured for the
>> zone(s) and the serial number is updated (i.e. you nsdc rebuild && nsdc
>> reload, or it is a slave zone and the master is updated).
> 
> Aha!  So my old (I think from nsd2 days) script -- that did rebuild,
> reload and notify -- is not obsolete too, it can be reduced to just
> rebuild & reload.  That's excellent to know, thank you!
> 
> (On a related note, I think I asked this question myself -- is there
> a way to send a notify to _unbound_ daemon too? :)

That would be a DoS vector waiting to happen.

But you can get 'almost the same' with:
$ unbound-control flush_zone <nameofzone>
Since unbound-control works over SSL you could copy the keys over to a
directory on the zone-master server, and use unbound-control -c
config-of-unbound.conf flush_zone blabla.  That would wipe the contents
of the zone from unbound's cache.

Best regards,
   Wouter


>> In NSD4, the same thing, but nsdc is obsolete, you have nsd-control
>> notify, nsd-control contacts the server over SSL and the daemon sends
>> notifies for one or all zones.
>>
>> The daemon uses 50 sockets (or so) to do the updates, so 50 zones are
>> active at once, like 'make -j50 notify'.  These are constants in xfrd.h
>> at this time, perhaps would need to be increased if you have 500000
>> zones.
> 
> Yes, 50 sockets should be plenty even for largeish sites.  Thank
> you very much!
> 
> /mjt
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
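
The remote cache flush described in the reply above, as an added example that is not part of the original message or of the NSD/Unbound projects: a wrapper for the zone-master server that checks the copied control key is private and the zone names are plain DNS names before calling `unbound-control -c ... flush_zone`. The file paths, variable names and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and function names are assumptions.
UNBOUND_CONTROL="${UNBOUND_CONTROL:-unbound-control}"
UNBOUND_REMOTE_CONF="${UNBOUND_REMOTE_CONF:-/etc/nsd/unbound-remote.conf}"
UNBOUND_REMOTE_KEY="${UNBOUND_REMOTE_KEY:-/etc/nsd/unbound-remote/unbound_control.key}"

# Accept only plain DNS names, so a zone list cannot pass options to unbound-control.
valid_zone() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The copied control key gives full control of the resolver, so insist that
# only its owner can read it (mode string like -rw-------).
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# flush_zones ZONE...: wipe each zone from the remote Unbound cache.
# Returns 0 only if every zone name was valid and every flush succeeded.
flush_zones() {
    key_is_private "$UNBOUND_REMOTE_KEY" || {
        echo "refusing: $UNBOUND_REMOTE_KEY missing or readable by others" >&2
        return 2
    }
    rc=0
    for zone in "$@"; do
        if ! valid_zone "$zone"; then
            echo "skipping invalid zone name: $zone" >&2
            rc=1
            continue
        fi
        "$UNBOUND_CONTROL" -c "$UNBOUND_REMOTE_CONF" flush_zone "$zone" || rc=1
    done
    return "$rc"
}

# Typical use on the zone master, after the zone reload has succeeded:
#   flush_zones example.org example.net
```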



