[nsd-users] tinydns to nsd
Andreas Schwarz
andreas at black-code.de
Sat Dec 28 21:39:05 UTC 2019
On the "nsd-control addzone/delzone": it works a bit differently from defining zones in your configuration, just as the error message says.
It is rather intended to be used with patterns. You configure a pattern in your configuration, then you tell nsd via nsd-control addzone to use a specific pattern for a specific zone. nsd keeps track of these assignments in a file usually in "/var/lib/nsd/zone.list" (configurable via "zonelistfile").
Zones can be added/removed pretty dynamically that way. What nsd does internally when receiving the addzone/delzone I haven't cared about so far.
On the config in general:
"server-count" should be set to the number of CPUs of the respective machine. And, if you have this set to more than 1 and run it on Linux, you might also want to consider setting "reuseport" to "yes". I have more experience with this option from a high performance unbound system, but activating this option helped improve performance by a margin of 30-40%. I think it has a similar impact on nsd when a high amount of requests has to be served.
On 28 December 2019 22:15:54 CET, richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:
>On Sat, 28 Dec 2019 17:02:09 +0100
>richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote:
>
>> The problem is (was) that I used "include:" statements in nsd.conf
>> to load zone information. Apparently nsd does not reread the include
>> files upon a SIGHUP. I scripted everything into 1 file and a HUP
>> rereads the zone info now.
>
>Wrong, I made a mistake, it does not. A SIGHUP does not make nsd reread
>its config file. When using nsd-control I get an error:
>
># nsd-control delzone test.xaq.nl
>error zone defined in nsd.conf, cannot delete it in this manner: remove
>it from nsd.conf yourself and repattern
>
>The output of "nsd-checkconf -v /etc/nsd/nsd.conf":
>server:
> debug-mode: no
> ip-transparent: no
> ip-freebind: no
> reuseport: no
> do-ip4: yes
> do-ip6: no
> hide-version: yes
> database: ""
> #identity:
> #version:
> #nsid:
> #logfile:
> server-count: 1
> tcp-count: 100
> tcp-query-count: 0
> tcp-timeout: 120
> tcp-mss: 0
> outgoing-tcp-mss: 0
> ipv4-edns-size: 4096
> ipv6-edns-size: 4096
> pidfile: "/var/lib/nsd/nsd.pid"
> port: "53"
> statistics: 0
> chroot: "/var/lib/nsd/"
> username: "nsd"
> zonesdir: "/var/lib/nsd/domains/"
> xfrdfile: ""
> zonelistfile: "/var/lib/nsd/zone.list"
> xfrdir: "/var/lib/nsd/tmp/"
> xfrd-reload-timeout: 1
> log-time-ascii: yes
> round-robin: yes
> verbosity: 0
> ip-address: "127.0.0.53"
> rrl-size: 1000000
> rrl-ratelimit: 200
> rrl-slip: 2
> rrl-ipv4-prefix-length: 24
> rrl-ipv6-prefix-length: 64
> rrl-whitelist-ratelimit: 2000
> zonefiles-check: yes
> zonefiles-write: 3600
>
>remote-control:
> control-enable: yes
> control-port: 8952
> server-key-file: "/etc/nsd/nsd_server.key"
> server-cert-file: "/etc/nsd/nsd_server.pem"
> control-key-file: "/etc/nsd/nsd_control.key"
> control-cert-file: "/etc/nsd/nsd_control.pem"
>
>zone:
> name: test.xaq.nl
> zonefile: /var/lib/nsd/domains/nl/xaq/test/zone
>
>(and a lot of other zones)
>
>BTW, a "control-enable: no" gives a config error. Any hints?
>
>And perhaps some more comments on the config? Note: this is a
>supervised version running under "runit"
>
>R.
>
>--
>richard lucassen
>http://contact.xaq.nl/
>
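The pattern workflow described in the reply, as an added example that is not part of the original posts: it reads static "zone:" entries like the one in the quoted config and produces the "nsd-control addzone" commands for zones whose zonefile fits a single pattern, to be run once those entries have been removed from nsd.conf. The pattern name "static-tree", the second sample zone and the layout "%z/%y/%x/zone" are assumptions; %z, %y and %x are the nsd.conf zonefile macros for the top-level label and the two labels beneath it.

```python
import re
import shlex

# Constructed sample: static zone entries in the style of the quoted config.
SAMPLE_CONF = """\
zone:
    name: test.xaq.nl
    zonefile: /var/lib/nsd/domains/nl/xaq/test/zone
zone:
    name: example.org
    zonefile: /var/lib/nsd/domains/org/example/zone
"""

ZONESDIR = "/var/lib/nsd/domains/"   # zonesdir from the quoted config
PATTERN_NAME = "static-tree"         # hypothetical pattern name
PATTERN_ZONEFILE = "%z/%y/%x/zone"   # assumed layout, relative to zonesdir

# Assumes "name:" is immediately followed by "zonefile:" in each zone block.
ZONE_RE = re.compile(r'^zone:\s+name:\s*"?([^"\s]+)"?\s+zonefile:\s*"?([^"\s]+)', re.M)

def parse_zones(conf):
    """Return [(zone name, zonefile)] for every static zone: block."""
    return ZONE_RE.findall(conf)

def expand(zone):
    """Path the pattern gives a three-label zone; None for any other depth."""
    labels = zone.rstrip(".").split(".")
    if len(labels) != 3:
        return None
    x, y, z = labels
    path = PATTERN_ZONEFILE.replace("%z", z).replace("%y", y).replace("%x", x)
    return ZONESDIR + path

def plan(conf):
    """Split zones into addzone commands and zones the pattern does not fit."""
    commands, leftover = [], []
    for name, zonefile in parse_zones(conf):
        if expand(name) == zonefile:
            commands.append(f"nsd-control addzone {shlex.quote(name)} {PATTERN_NAME}")
        else:
            leftover.append(name)
    return commands, leftover

if __name__ == "__main__":
    cmds, rest = plan(SAMPLE_CONF)
    print(f'pattern:\n    name: "{PATTERN_NAME}"\n    zonefile: "{PATTERN_ZONEFILE}"')
    print("\n".join(cmds))
    print("needs another pattern or stays static:", rest)
```

Zones added this way are recorded in the zonelistfile and can later be removed with "nsd-control delzone", which is refused for zones defined in nsd.conf.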