[nsd-users] NSD4 occassionally fails to start after _server_ restart -- related to log rotation?

Anand Buddhdev anandb at ripe.net
Wed Oct 17 21:48:21 UTC 2018 

Hello "pgnet".

I have many comments about your setup. See below.

[snip]

>>>>        Warning: Journal has been rotated since unit was started. Log
> output is incomplete or unavailable.
> 
> Don't know if that's 'fatal' to nsd.

No, this is not fatal to nsd.

> I launch nsd with systemd,
> 
>     cat /etc/systemd/system/nsd4-custom.service
>         [Unit]
>         Description=NSD4 DNS Server
>         After=syslog.target network-online.target
>         Before=nsd4-custom.target
>         Before=unbound.service
>         Requires=unbound.service
> 
>         [Service]
>         PIDFile=/var/chroot/nsd4/var/run/nsd/nsd.pid
>         ExecStart=/usr/local/nsd4/sbin/nsd-control  -c
> /var/chroot/nsd4/etc/nsd.conf start
>         ExecReload=/usr/local/nsd4/sbin/nsd-control -c
> /var/chroot/nsd4/etc/nsd.conf reload
>         ExecStop=/usr/local/nsd4/sbin/nsd-control   -c
> /var/chroot/nsd4/etc/nsd.conf stop
>         ExecStopPost=/bin/rm -f /var/chroot/nsd4/var/db/nsd/xfrd.state
> 
>         [Install]
>         WantedBy=multi-user.target

This is a *very* strange and convoluted way to run nsd with systemd.

First of all, I can understand nsd starting before unbound. But why does
nsd *require* unbound?

Next, your ExecStart can just be:

ExecStart=/usr/local/nsd4/sbin/nsd -c /var/chroot/nsd4/etc/nsd.conf

You also don't need an ExecStop. Instead, you just need:

KillMode=process

so that systemd can just send a TERM signal to the main nsd process.

Next, why are you removing the xfrd.state file when stopping nsd? That
seems pointless. the state file is used for tracking the status of slave
zones and their timers.

The PIDFile option is also unnecessary with nsd.

> and rotate logs with
> 
>     cat /etc/logrotate.d/nsd4
>         /var/log/nsd4/*.log {
>             daily
>             missingok
>             rotate 14
>             compress
>             delaycompress
>             compresscmd /usr/bin/xz
>             uncompresscmd /usr/bin/unxz
>             create 640 nsd nsd
>             sharedscripts
>             dateext
>             dateformat .%Y-%m-%d.%s
>             postrotate
>                 /usr/local/nsd4/sbin/nsd-control log_reopen

Don't you need the "-c /var/chroot/nsd4/etc/nsd.conf" option to
nsd-control here, so that it can find the appropriate control channel to
send the "log_reopen" command to?

Regards,
Anand

More information about the nsd-users mailing list