[nsd-users] tinydns to nsd

richard lucassen mailinglists at lucassen.org
Sat Dec 28 21:15:54 UTC 2019 

On Sat, 28 Dec 2019 17:02:09 +0100
richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:

> The problem is (was) that I used "include:" statements in nsd.conf
> to load zone information. Apparently nsd does not reread the include
> files upon a SIGHUP. I scripted everything into 1 file and a HUP
> rereads the zone info now.

Wrong, I made a mistake it does not. A SIGHUP does not make nsd reread
it's config file. When using nsd-control I get an error:

# nsd-control delzone test.xaq.nl
error zone defined in nsd.conf, cannot delete it in this manner: remove
it from nsd.conf yourself and repattern

The output of "nsd-checkconf -v /etc/nsd/nsd.conf":
server:
        debug-mode: no
        ip-transparent: no
        ip-freebind: no
        reuseport: no
        do-ip4: yes
        do-ip6: no
        hide-version: yes
        database: ""
        #identity:
        #version:
        #nsid:
        #logfile:
        server-count: 1
        tcp-count: 100
        tcp-query-count: 0
        tcp-timeout: 120
        tcp-mss: 0
        outgoing-tcp-mss: 0
        ipv4-edns-size: 4096
        ipv6-edns-size: 4096
        pidfile: "/var/lib/nsd/nsd.pid"
        port: "53"
        statistics: 0
        chroot: "/var/lib/nsd/"
        username: "nsd"
        zonesdir: "/var/lib/nsd/domains/"
        xfrdfile: ""
        zonelistfile: "/var/lib/nsd/zone.list"
        xfrdir: "/var/lib/nsd/tmp/"
        xfrd-reload-timeout: 1
        log-time-ascii: yes
        round-robin: yes
        verbosity: 0
        ip-address: "127.0.0.53"
        rrl-size: 1000000
        rrl-ratelimit: 200
        rrl-slip: 2
        rrl-ipv4-prefix-length: 24
        rrl-ipv6-prefix-length: 64
        rrl-whitelist-ratelimit: 2000
        zonefiles-check: yes
        zonefiles-write: 3600

remote-control:
        control-enable: yes
        control-port: 8952
        server-key-file: "/etc/nsd/nsd_server.key"
        server-cert-file: "/etc/nsd/nsd_server.pem"
        control-key-file: "/etc/nsd/nsd_control.key"
        control-cert-file: "/etc/nsd/nsd_control.pem"

zone:
        name: test.xaq.nl
        zonefile: /var/lib/nsd/domains/nl/xaq/test/zone

(and a lot of other zones)

BTW, a "control-enable: no" gives a config error. Any hints?

And perhaps some more comments on the config? Note: this is a
supervised version running under "runit"

R.

-- 
richard lucassen
http://contact.xaq.nl/

More information about the nsd-users mailing list