[nsd-users] PATCH: option to allow nofork without enabling debug mode

[Paul Wouters]

On Fri, 19 Apr 2013, W.C.A. Wijngaards wrote:

>>> Have you tested nsd long enough with this option?
>>
>> After fixing the patch to add "D" to getopt, I ran it specifically
>> with various reload scenarios because I know even the RHEL version
>> with sysv still at times lost the proper pid (the build I fired
>> off today hopefully fixes those now on RHEL, ns0.nohats.ca has not
>> lost the right pid in several hours now)
>
> The pidfile is changed when the scenario that Anand describes happens.
> So that means there is a brief race condition, but you did not notice
> the issue that Anand described.  Also upstart may need nsd to keep
> attached to the same console session, and that would then not happen,
> and nsd4 can do all of that with the changes; i.e. for nsd4 the
> pidfile does not change.

One of the reasons for trying without forking is the exact reason of the
pidfile sometimes being bogus. At that point, "nsdc" fails to do anything
to the running nsd. For example, opendnssec on the same machine can no
longer send a successful reload command after it has signed a zone. If
left unattended, zones expire.

currently, the nsd running with systemd without forking has a matching
pid file, but I'll run a few more zones updates and see. Perhaps nsd4
will be ready before RHEL7, and then there is no issue - I don't think
many people will run nsd on Fedora.

However, for nsd3 and RHEL6, that still leaves me with the issue that
one regularly loses control of the running nsd, until an operator goes
in and fixes things by killing nsd by process name and restarting it.
That really still needs a fix, especially when combined with opendnssec.

Paul