[nsd-users] test setup problem: secondary expires zones

Toni Mueller support+nsd at oeko.net
Sat Feb 11 18:54:02 UTC 2012


I'm trying to run NSD as a secondary to a primary nameserver
(tinydns+axfrdns), which has served me well over the years, but is now
being phased out. For every zone, I put such a section into NSD's config

        name: "example.com"
        zonefile: "example.com"
        #allow-notify: NOKEY
        request-xfr: NOKEY

With being the IP of the primary. These packages even run on
the same host. When I initially set things up, everything went fine: NSD
pulled the zones, and, with "nsdctl patch", wrote them to local zone
files, too.

Now I find that, after some time, all zones expire despite the primary
still serving them, and other authorized secondaries have no problem
pulling them. IOW, they expire only on NSD, and I don't exactly know
why. If I do the same thing from the command line, using dig, I get the
zones transferred from the primary just fine, but axfrdns regularly logs
this in response to queries from NSD:

axfrdns: fatal: unable to locate information in data.cdb

NSD logs nothing, despite running in verbose mode.

strace shows that there is something fishy within nsd. I get tons
of these:

setsockopt(6, SOL_SOCKET, SO_REUSEADDR, "\2\0\0\0.\35(\"\0\0\0\0\0\0\0\0", 16) = 0
bind(6, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("")}, 16) = 0
connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("")}, 16) = -1 EINPROGRESS (Operation now in progress)
pselect6(8, [7], [6], [], {23, 997600000}, {NULL, 8}) = 1 (out [6], left {23, 997598102})
getsockopt(6, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
write(6, "\0l", 2)                      = 2
write(6, "\0043\0\0\0\1\0\0\0\1\0\0\10newwalls\2de\0\0\373\0\1\10ne"..., 108) = 108
read(6, 0x7f0a0336f7f8, 2)              = -1 EAGAIN (Resource temporarily unavailable)
pselect6(8, [6 7], [], [], {23, 997100000}, {NULL, 8}) = 1 (in [6], left {23, 996821603})
read(6, "\0Y", 2)                       = 2
read(6, "\0043\204\0\0\1\0\0\0\1\0\0\10newwalls\2de\0\0\373\0\1\300\f\0"..., 89) = 89
close(6)                                = 0

Both software packages run on the same machine, but currently, nsd
usually does not receive any queries from the Internet (unless you query
the ip directly).

Any pointers on what to do would be greatly appreciated!

Kind regards,

More information about the nsd-users mailing list