[nsd-users] nsd-notify retries?
wouter at NLnetLabs.nl
Tue Nov 29 09:23:27 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 11/28/2011 05:17 PM, Paul Wouters wrote:
> On Mon, 28 Nov 2011, W.C.A. Wijngaards wrote:
>> In NSD3, the daemon can perform notifies (with retries) for you, all in
>> parallel. This only happens when you have notify: configured for the
>> zone(s) and the serial number is updated (i.e. you nsdc rebuild && nsdc
>> reload, or it is a slave zone and the master is updated).
> But when adding a zone, you need a restart, not just rebuild & reload
> What happens then?
It should send notifies for the added zone(s).
>> In NSD4, the same thing, but nsdc is obsolete, you have nsd-control
>> notify, nsd-control contacts the server over SSL and the daemon sends
>> notifies for one or all zones.
> Good, so on startup will it send notifies to all secondaries per default?
> eg this could then be removed from the init scripts?
It sends notifies for changed zone(s) per default.
If you want to send notifies for all zones (where it is not necessary
because they have not changed), you have to use the nsd-control command.
> the 50 at a time is fine when it is the daemon doing it, meaning the server
> is up and running. The issue with nsd3 is that you have to run nsd-notify
> before the daemon launches, meaning you are down while waiting.
That would not be optimal. If you run nsd-notify while the daemon has
not launched yet, the slaves will immediately try to contact the master
to download the zone, but it has not started and it not available.
Instead, first start the daemon, then send notifies, so that the slaves
can download the zone immediately.
NSD4 also has nsd-control force_transfer <zone> that you can run on the
slave server and it forces a full AXFR, even if the SOA serial has not
NSD4 is under development, these features are implemented in svn trunk.
If you decide to try it: note nsdc and zonec gone, config and database
file format changes, nsd-control is useful. It is backwards compatible
with your old config file :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the nsd-users