[nsd-users] Can't get pattern substition to work

W.C.A. Wijngaards wouter at nlnetlabs.nl
Mon Mar 10 10:14:05 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Lew,

This works for me, nsd tries to open zones/db.whatever.com for reading.
Something else is not working?

What does nsd-checkconf print?  Does it not find the 'solozones'
pattern, is there a syntax error?  Or does NSD fail to open the
zonefile, what zonefile does it try to open (it logs it).

Can you do:
zone:
	name: "whatever.com"
	zonefile: "zones/db.%s"
# use the substitution in the zone declaration itself (which can be
useless I agree but it is an interesting test).

Best regards,
   Wouter

On 03/09/2014 09:24 PM, Lew Payne wrote:
> Will - The sole source of my zone data will be the nsd.conf file
> (as was the case previously).  I will not be "importing" zones
> through "nsd-control.  However, I still want to take advantage of
> patterns to define a common set of keywords and values in my
> nsd.conf zone definitions, thus avoiding lengthy repetitions.  The
> slides (from 16-OCT-2013) show the use of patterns as "macro
> expansions" applied to "zone:" names within the nsd.conf file.
> That's what I want to do... and I've followed the exact examples
> shown in the slides.  Again, the "patterns" work as long as I don't
> use substitutions (%s, %x, %y, %z, etc).  Hence, I believe
> something is quirky with the patterns.
> 
> It would be great if you could check, using the example I provided
> (or I can zip up my working set).
> 
> Thanks! Lew Payne
> 
> 
> On Sun, Mar 9, 2014 at 12:55 PM, Will Pressly <will at edgecast.com 
> <mailto:will at edgecast.com>> wrote:
> 
> I am not around a machine where I can poke at your substitution 
> problem, but, from what you are saying about not wanting to do 
> addzone, have you looked at reconfig? Nsd-control reconfig will
> find diffs in sequential revisions in your nsd.conf file and just
> apply changes to the running state of the daemon. Eg: it will
> detect zones that are in a newer rev of the nsd.conf (that were
> absent in an earlier revision) and add them automatically. This
> works with deletes as well.
> 
> This way your nsd.conf file is the sole source of config input for 
> your daemon -- not nsd.conf and the zones.list file. This way you 
> can just explicitly add the zone name and path to the zones
> section of your nsd.conf file without having to use patterns.
> 
> I will try to look at your pattern substitution problem later -- I 
> have a hunch, but do not want to suggest it here for fear of
> looking like a fool :) That said, I assume you looked at your logs
> and checked for chroot presence/relativization, right? Also, you
> might just try reconfig as I suspect that will better satisfy your
> work flow requirements.
> 
> Regards, Will
> 
> On Mar 9, 2014 11:25 AM, "Lew Payne" <lew.payne at gmail.com 
> <mailto:lew.payne at gmail.com>> wrote:
> 
> I'm upgrading to nsd v4.0.1 (from a six year old release).  I've 
> crafted a new nsd.conf by hand, and would like to take advantage of
> the "pattern" feature.  I've read the man page, looked at the 
> sample conf file, and even poured through the 16-OCT-2013 slide 
> presentation.  My nsd.conf conforms to the required standard, yet
> there seems to be a failure when using substitution patterns.
> 
> This fails...
> 
> pattern: ....name: "solozones" ....zonefile: "zones/db.%s" 
> ....provide-xfr: 1.2.3.4 NOKEY
> 
> zone: ....name: "whatever.com <http://whatever.com>" 
> ....include-pattern: "solozones"
> 
> producing a "could not find pattern solozones" error.  I've also 
> tried using "zones/db.%y.%z" as well as "zones/db.\%s" as the 
> zonefile pattern, to no avail.  The problem seems to be in 
> substitution (it would help if it showed the substitution/expansion
> in the error output)... because the following works:
> 
> pattern: ....name: "solozones" ....zonefile: "zones/db.whatever.com
> <http://db.whatever.com>" ....provide-xfr: 1.2.3.4 NOKEY
> 
> Can someone please tell me what I'm doing wrong, and how to work 
> around this problem?  I want to hard-code (lock down) the zones 
> into nsd.conf, rather than use nsd-control addzone (for PCI and 
> HIPAA reasons).
> 
> I hope someone brighter than me can spot why this isn't working.
> 
> 
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl 
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 
> 
> 
> 
> _______________________________________________ nsd-users mailing
> list nsd-users at NLnetLabs.nl 
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTHZBpAAoJEJ9vHC1+BF+NAAgQAJyUr+akBs9/sX1upOOzQkOn
b6DKyWKDS1JCDev4VOmsv/wTGoVtn8eTYfUk+oxiVIjUk7DRwPfYYDCNrXaXviOq
OtfeVlbsPofcmntYhXOrGH90YtydIGdjxQatvnsbgesy4gtzpdnRZdCeEW+ygBrm
1iG7WrH7tCS80gSEpQuLUs2GMHnRpOb/podpL4NiCuSOooUVbb6eGsjsFN1fuV7r
yPdrwE5wIawAwQ2TGGlj9Oq4ioUFae9NyT3W1gGrFwvZohvbu9y1FSl/1VBDEYyW
jxY/vUWIMgvpUuFF1LPoBr1xr8PZooABDnokeR20+DFWAHYIaqN++F8J+RrIpnb7
j5Aqor/HIohTuihGe8sSCEpwTyDCLbJ7R9BTFUd87uFgWf9sWZt6IuOERvKMFqJv
gLu34nt48a/JaeJLNNfC/UwVSHAL++HO9yoDOFlKki5WN6HvSB7YtbH65f22bF/C
1wm9Y5qOQoyMZXmLY50b9F5jE8sjDk5Up4UI3+oSkJfEGSHMQlYZRmKN3J9F/Iy/
V7W+dhbskOxt8fXRoiphGXPOKfAq+N2k6zMAX3t+eSSoALk13SmlmWG5yq5HS42/
E1wQ3EifIdExGXJVqPpOJaChYYboWWAEsBiJrmbhDAX6ZHtmM4g4Z2u5PoIKQGTd
/ZtkhSRMk2USJc+qj87n
=sNWV
-----END PGP SIGNATURE-----

More information about the nsd-users mailing list