[nsd-users] NSD4 beta2

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Jan 22 10:10:51 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Andreas,

On 01/21/2013 12:39 PM, Andreas Schulze wrote:
> Am 10.01.2013 10:33 schrieb W.C.A. Wijngaards:
>> The new beta for NSD4 is available, NSD4.0.0b2:
> 
> I see some errors I do not unserstand.
> 
> master & slave: 4.0b2, verbosity 2
> 
> master.conf: ------------------------------------------------- 
> zone: name: "example.org." zonefile: "/etc/nsd/zones/example.org" 
> notify: $slave_ipv6 NOKEY provide-xfr: $slave_ipv6/128 NOKEY
> 
> slave.conf: ------------------------------------------------- 
> zone: name: "example.org." zonefile: "/etc/nsd/zones/example.org" 
> allow-notify: $master_ipv6/128 NOKEY request-xfr: $master_ipv6
> NOKEY
> 
> starting the "empty" slave: nsd[27825]: info: zonefile
> /etc/nsd/zones/example.org does not exist nsd[27825]: notice: nsd
> started (NSD 4.0.0b2), pid 27792 nsd[27792]: info: xfrd: zone
> example.org. written received XFR from $master_ipv6 with serial
> 1358734044 to disk nsd[27792]: info: xfrd: zone example.org.
> written received XFR from $master_ipv6 with serial 1358734044 to
> disk nsd[27792]: info: xfrd: zone example.org. written received XFR
> from $master_ipv6 with serial 1358734044 to disk nsd[27792]: info:
> xfrd: zone example.org. committed "received update to serial
> 1358734044 at 2013-01-21T12:25:36 from $master_ipv6" nsd[27827]:
> info: rehash of zone example.org. with parameters 1 0 1 - 
> nsd[27827]: info: zone example.org. received update to serial
> 1358734044 at 2013-01-21T12:25:36 from $master_ipv6 of 32745 bytes
> in 4295.4 seconds nsd[27792]: info: Zone example.org. serial 0 is
> updated to 1358734044.
> 
> -> why "in 4295.4 seconds"

This is the time from the first packet that we got from the master
until the last packet was received of this zone transfer.  If this
value is too big - I think I just fixed an overflow in the calculation,
thanks for the report :-).

> master log nothing.
> 
> while the masterzone has not changed the serialnumber I run
> "nsd-control transfer". Output: "ok, 1 zones" Returncode: 0
> 
> Slave start logging: nsd[27792]: info: new control connection from
> ::1 nsd[27792]: info: control cmd:  transfer nsd[27792]: info:
> Handle incoming notify for zone example.org. nsd[27792]: error:
> xfrd: zone example.org. received error code NOT IMPL from
> $master_ipv6

This is because it tries to do IXFR but NSD does not serve IXFR as the
master (it does work as the slave).   It falls back to AXFR later.

> nsd[27792]: info: xfrd: zone example.org. bad transfer 0 from
> $master_ipv6

This first one is because of the NOTIMPL return code.

> nsd[27792]: info: xfrd: zone example.org. bad transfer 0 from
> $master_ipv6 nsd[27792]: info: xfrd: zone example.org. bad transfer
> 0 from $master_ipv6

These other ones, not sure why the transfer is bad, what went over the
wire here.  You can get NSD to printout more detail if you compile
with (--enable-checking or --enable-debug) and use -F 20 -L 1 so start
NSD.

> same time @master: nsd[7414]: error: failed reading from tcp:
> Connection reset by peer nsd[7414]: error: failed reading from tcp:
> Connection reset by peer

This is fairly normal - NSD downstream closes the tcp connection and a
connection reset travels to the master - it is printed because you
have high verbosity set, it would not be printed on a lower verbosity.

> -> would be helpfull to log the client ip here.

Yes, added that.

> If I run "nsd-control force_transfer" I get the same logs as if I
> started with an empty slave. Is this normal?

Yes.  Because, to make sure it is correct, it'll do an AXFR, ignores
the local datastore, makes sure it updates everything, ignores the
local SOA serial number.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQ/mWlAAoJEJ9vHC1+BF+NHaAQAJ5hPz6O5TSJbYiagXAagNRL
5tUgTHU3mysRohBm15eSDnCBjJ15Dwdx/C0Y5ri6xB5W2AILNRIagWjxaAWZq4uC
OzE+UvOowU0leDr78Zrx6uqxNrUBYhMgLkLVvYqJauoigHVlsALMlGdPEUxuGO8Z
6/kfu55vFPMa0mfmEdeAuASq4VxT+A7vHrJ2r5lczOtZRPN97mrSzJ7/qgKydvd0
cGwkPYymjm0lGjgKD9MN+1q8Gb1feKqFVeHfU/s//YXoqmssYD5E1EgNGqN/oO5D
qNPPe1iDxjoDGc8fi0IXjPGwKl/SGkN9nxlSeH1aEW4oagUnh6XX5b0QdpLm226R
sesij+BY1JRG0teFcILU+JankblXQQ05RjJR4EnqL5605h1moQY2mWf/zmqoS249
NcxFtfuZx6rN8gKd0paBW9WrX2d3uSeq+Y30OrKqEHZr9HJ7zZYJwNJrjyf16niK
fjFlSGLDJ7oAhmRkE6xL+zaU4zC6uyXX5FSSzFRuP6WiOlCrvHCY9SBco57go7Ip
32fzUKBDvJqbXNlga0oP80otBumkKR4WH0bfZLF5woq60vKpyrA/cgTOtrAgj6nO
A0ytze2lp4oU6rQIvGnNCHShiUE4152s0HbIJSCn+wmBaQJje5zOE+31usRnZIx2
Z5VzJygZAog/6/VrcLQB
=CwYH
-----END PGP SIGNATURE-----

More information about the nsd-users mailing list