[nsd-users] nsd-control delzone on a zone that is defined in the nsd.conf

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue May 14 08:44:20 UTC 2013

On 05/14/2013 10:24 AM, Will Pressly wrote:
> Hi Wouter,
> Thanks for the reply.
> Wow, that sounds really great if I am understanding you correctly.
> So, if I change my nsd.conf with any kind of arbitrary additions
> and deletions, a simple nsd-control reconfig will intelligently
> and dynamically merge all of those changes -- effectively obviating
> the need for nsd-control [add|del]zone?

Yes, it picks up changes and applies them by reforking the server
processes.  This is limited to zone, key, pattern, and access-control
list changes.  The server config is not really changeable without a
restart (because it needs root privileges, which have been dropped).
Also RRL config ratelimits and whitelists are updated (if you use RRL).

It provides another workflow, not control add|del zone, but push
nsd.conf and reconfig.

Best regards,

> Thanks, Will
> On Tue, May 14, 2013 at 12:01 AM, W.C.A. Wijngaards
> <wouter at nlnetlabs.nl> wrote:
> Hi Will,
> On 05/08/2013 11:32 PM, Jaap Akkerhuis wrote:
>> I am trying to wrap my head around the rationale of the
>> restriction on not allowing nsd-control to delzone a zone that is
>> configured in the nsd.conf. What is the risk here? Is it more of
>> an operational one where it will not truly delete if a stop/start
>> of the daemon occurs without modification of the nsd.conf? I
>> mean, if your workflow is to always update your nsd.conf by
>> removing entries for zones you are planning to delzone (and then
>> blowing away the zone.list file before start) -- then where is
>> the problem, exactly?
>> I see the restriction only exists in remote.c, and it doesn't
>> look like deleting one of these zones declared in the nsd.conf
>> would be much different than one that wasn't (although I am
>> probably missing something).
>> Can you help me understand this, please?
>> FYI, Wouter is on vacation so it might take another week or so 
>> before he answers. What I do remember from talking about this is 
>> that "nsd-control delzone" is merely the inverse of "nsd-control 
>> addzone".
>> Zones defined in nsd.conf are supposed to be static that is why 
>> the man nsd-control says:
>> Zones  configured  inside  nsd.conf  itself  cannot be removed
>> this way because  the  daemon  does  not  write to the nsd.conf
>> file, you need to add such zones to the zonelist file to be able
>> to delete them with the delzone command.
>> Hope this helps.
> Yes, what you can do, if you modify the nsd.conf yourself, is that
> you modify the nsd.conf and then nsd-control reconfig (you need
> the latest svn trunk of NSD4 for that, beta4 does not have this
> feature). Then it adds and removes the changes you made in the
> config file. This may fit better into your existing workflow.
> Best regards, Wouter
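
Added example (not part of the original thread and not NSD project code): for the "push nsd.conf and reconfig" workflow described above, a preview of which zone: clauses differ between the running config and the edited one, so that an unintended zone removal or access-control change is caught before nsd-control reconfig applies it. The parser is a simplified assumption (one attribute per line, no include: or pattern: expansion), and the sample configs are constructed.

```python
import re

# Simplified nsd.conf reader (assumption): one "attribute: value" per line,
# '#' starts a comment, include: files and pattern: expansion are not followed.
ATTR = re.compile(r"^([a-z0-9-]+):\s*(.*)$")

def zones(conf_text):
    """Map each zone name to the sorted attributes of its zone: clause."""
    clauses, current = [], None
    for raw in conf_text.splitlines():
        m = ATTR.match(raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if not value:                       # clause header: "zone:", "server:", ...
            current = [] if key == "zone" else None
            if current is not None:
                clauses.append(current)
        elif current is not None:
            current.append((key, value))
    out = {}
    for attrs in clauses:
        name = next((v for k, v in attrs if k == "name"), None)
        if name:
            zone = name.rstrip(".").lower() or "."
            out[zone] = sorted(a for a in attrs if a[0] != "name")
    return out

def reconfig_preview(old_text, new_text):
    """Zones that differ between two configs: added, removed, or changed."""
    old, new = zones(old_text), zones(new_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(z for z in old.keys() & new.keys() if old[z] != new[z]),
    }

# Constructed sample configs (not from the thread).
OLD = """zone:
    name: "example.com"
    provide-xfr: 192.0.2.10 NOKEY
zone:
    name: "example.net"
    zonefile: "example.net.zone"
"""
NEW = """zone:
    name: "example.com"
    provide-xfr: 192.0.2.20 NOKEY   # transfer ACL now names a different host
zone:
    name: "example.org"
    zonefile: "example.org.zone"
"""
```

Calling reconfig_preview(OLD, NEW) on the samples reports example.org as added, example.net as removed, and example.com as changed because its provide-xfr entry differs.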

