[nsd-users] nsd-notify retries?

W.C.A. Wijngaards wouter at NLnetLabs.nl
Tue Nov 29 09:23:27 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 11/28/2011 05:17 PM, Paul Wouters wrote:
> On Mon, 28 Nov 2011, W.C.A. Wijngaards wrote:
> 
>> In NSD3, the daemon can perform notifies (with retries) for you, all in
>> parallel.  This only happens when you have notify: configured for the
>> zone(s) and the serial number is updated (i.e. you nsdc rebuild && nsdc
>> reload, or it is a slave zone and the master is updated).
> 
> But when adding a zone, you need a restart, not just rebuild & reload
> What happens then?

It should send notifies for the added zone(s).

>> In NSD4, the same thing, but nsdc is obsolete, you have nsd-control
>> notify, nsd-control contacts the server over SSL and the daemon sends
>> notifies for one or all zones.
> 
> Good, so on startup will it send notifies to all secondaries per default?
> eg this could then be removed from the init scripts?

It sends notifies for changed zone(s) per default.

If you want to send notifies for all zones (where it is not necessary
because they have not changed), you have to use the nsd-control command.

> the 50 at a time is fine when it is the daemon doing it, meaning the server
> is up and running. The issue with nsd3 is that you have to run nsd-notify
> before the daemon launches, meaning you are down while waiting.

That would not be optimal.  If you run nsd-notify while the daemon has
not launched yet, the slaves will immediately try to contact the master
to download the zone, but it has not started and it not available.
Instead, first start the daemon, then send notifies, so that the slaves
can download the zone immediately.

NSD4 also has nsd-control force_transfer <zone> that you can run on the
slave server and it forces a full AXFR, even if the SOA serial has not
changed.

NSD4 is under development, these features are implemented in svn trunk.
 If you decide to try it: note nsdc and zonec gone, config and database
file format changes, nsd-control is useful.  It is backwards compatible
with your old config file :-)

Best regards,
   Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJO1KSKAAoJEJ9vHC1+BF+NkY8P/R0NREId/vfmCp7pwPsez/C4
BDkPrrJ3EZU12xxaw8ZZvQnsMJL/zBabx4KFOtmJ0bpZaT51HJfXp9qK0i/UW1A1
mDaRMjydV6zBl8khXE/8u56sixUi0BLmtoPurm9IHkpFZBgU0ECrcfuiJanJPcFA
u9RqU4OKF4sX1xyhFJErjk+3oy6yzXjBzcOxBl9ubDmBkrZY8jiP6+cLi5NQuTks
gGagX8F+mOS6/upGpgJ04p2BnI0bOJDVlEDqyxTSESrVbAU9f1W1sirYb3MPsJQP
uG5xK35A5OAYvzNq07KH8hyvt/1Y8sRdwXSaIjMUuhaUKvDmV8xu5mB4nkPR3N2f
OBpJYXrMA6+wt4aCg0Ks0rtIfjk5nUasCuHQPyfO44YsLgck3PLMOyc95hKrd5EX
dhWA6zWhTP1ShbRiXKFXns9m8abW5Q/WFpAYKKjTX6QRVXwZDAreqFe+2FbGhJmS
oOBwLY03ixxky6Wz1kK4MzH+URVQYY7oxq3sV/bAbgkaFNzIL6ZPoGdWDWYH5EYj
OZu8ja7SkF5ElOhj6K4suHJd9+AwpsyevfVsyCKSAtE110Xsvzgay5V3A6uxcgqP
KiVzsBmrccYUhcVu4Fo1AAXs5k1tMMm7HhB9NTRNeqgzIGTA4vqgAgyI096fmIJy
iEC0fYQSsL4zl1/ZNfbp
=jdp0
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list