[nsd-users] nsd-control delzone on a zone that is defined in the nsd.conf
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue May 14 08:44:20 UTC 2013
Hi,
On 05/14/2013 10:24 AM, Will Pressly wrote:
> Hi Wouter,
>
> Thanks for the reply.
>
> Wow, that sounds really great if I am understanding you correctly.
> So, if I change my nsd.conf with any kind of arbitrary additions
> and deletions, a simple nsd-control reconfig will intelligently
> and dynamically merge all of those changes -- effectively obviating
> the need for nsd-control [add|del]zone?
Yes, it picks up changes and applies them by reforking the server
processes. This is limited to zone, key, pattern, access-control
list changes. The server config is not really changeable without a
restart (because it needs root privileges, which have been dropped).
Also RRL config ratelimits and whitelists are updated (if you use RRL).
It provides another workflow, not control add|del zone, but push
nsd.conf and reconfig.
Best regards,
Wouter
> Thanks, Will
>
>
> On Tue, May 14, 2013 at 12:01 AM, W.C.A. Wijngaards
> <wouter at nlnetlabs.nl> wrote:
>
> Hi Will,
>
> On 05/08/2013 11:32 PM, Jaap Akkerhuis wrote:
>
>> I am trying to wrap my head around the rationale of the
>> restriction on not allowing nsd-control to delzone a zone that is
>> configured in the nsd.conf. What is the risk here? Is it more of
>> an operational one where it will not truly delete if a stop/start
>> of the daemon occurs without modification of the nsd.conf? I
>> mean, if your workflow is to always update your nsd.conf by
>> removing entries for zones you are planning to delzone (and then
>> blowing away the zone.list file before start) -- then where is
>> the problem, exactly?
>
>> I see the restriction only exists in remote.c, and it doesn't
>> look like deleting one of these zones declared in the nsd.conf
>> would be much different than one that wasn't (although I am
>> probably missing something).
>
>> Can you help me understand this, please?
>
>> FYI, Wouter is on vacation so it might take another week or so
>> before he answers. What I do remember from talking about this is
>> that "nsd-control delzone" is merely the inverse of "nsd-control
>> addzone".
>
>> Zones defined in nsd.conf are supposed to be static that is why
>> the man nsd-control says:
>
>> Zones configured inside nsd.conf itself cannot be removed
>> this way because the daemon does not write to the nsd.conf
>> file, you need to add such zones to the zonelist file to be able
>> to delete them with the delzone command.
>
>> Hope this helps.
>
> Yes, what you can do, if you modify the nsd.conf yourself, is that
> you modify the nsd.conf and then nsd-control reconfig (you need
> the latest svn trunk of NSD4 for that, beta4 does not have this
> feature). Then it adds and removes the changes you made in the
> config file. This may fit better into your existing workflow.
>
> Best regards, Wouter
>
>
>
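A pre-flight check for the "push nsd.conf and reconfig" workflow described in this message, as an added example that is not from the thread or from NSD: it compares two versions of nsd.conf and separates zone, key and pattern changes from changes that need a restart. The function names and sample configs are constructed; the parser assumes plain `section:` / `attribute: value` lines, does not follow `include:`, and flags every section other than zone, key and pattern for a restart, which the message states only for `server:`.

```python
import re

RECONFIG_SECTIONS = {"zone", "key", "pattern"}  # applied by reconfig, per the message
LINE = re.compile(r"^\s*([A-Za-z0-9-]+):\s*(.*?)\s*$")

def parse_nsd_conf(text):
    """Map (section, name) -> sorted attributes for nsd.conf text."""
    sections = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])  # drop comments
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip('"')
        if value == "":  # a bare "zone:" line starts a section
            sections.append((key, []))
        elif sections:
            sections[-1][1].append((key, value))
    parsed = {}
    for kind, attrs in sections:
        name = dict(attrs).get("name", "") if kind in RECONFIG_SECTIONS else ""
        parsed.setdefault((kind, name), []).extend(attrs)
    return {ident: sorted(attrs) for ident, attrs in parsed.items()}

def plan_reconfig(old_text, new_text):
    old, new = parse_nsd_conf(old_text), parse_nsd_conf(new_text)
    plan = {"added": [], "removed": [], "changed": [], "needs_restart": []}
    for ident in sorted(set(old) | set(new)):
        if old.get(ident) == new.get(ident):
            continue
        if ident[0] not in RECONFIG_SECTIONS:  # server: (others: assumption)
            plan["needs_restart"].append(ident[0])
        elif ident not in old:
            plan["added"].append(ident)
        elif ident not in new:
            plan["removed"].append(ident)
        else:
            plan["changed"].append(ident)
    return plan

# Constructed sample configs (not from the thread).
KEY = 'key:\n  name: "xfr-key"\n  algorithm: hmac-sha256\n'
OLD = ("server:\n  ip-address: 192.0.2.53\n" + KEY +
       "zone:\n  name: example.com\n  provide-xfr: 192.0.2.10 xfr-key\n"
       "zone:\n  name: example.net\n  zonefile: example.net.zone\n")
NEW = ("server:\n  ip-address: 192.0.2.54\n" + KEY +
       "zone:\n  name: example.com\n  provide-xfr: 192.0.2.11 xfr-key\n"
       "zone:\n  name: example.org\n  zonefile: example.org.zone\n")
if __name__ == "__main__":
    print(plan_reconfig(OLD, NEW))
```

A non-empty `needs_restart` list means `nsd-control reconfig` alone will not bring the running server in line with the new file.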