[nsd-users] NSD 4.2.3rc1 pre-release

Wouter Wijngaards wouter at nlnetlabs.nl
Thu Nov 14 12:33:45 UTC 2019


NSD 4.2.3rc1 pre-release is available:
sha256 c9623361236d5b689edee133dc1a4a92f96100acbee96a412e7eb8cd0c5cb6ca
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.2.3rc1.tar.gz.asc

This release has log fixes, features of confine-to-zone and startup
management, an implementation changes in the configuration parser and
socket handling code simplifications.  The implementation changes make
the parser context aware, which is useful for the syntax of (future)
config options.  The socket handling code was rewritten to split it
apart in separately handleable routines.

The confine-to-zone: yesno option from Greg Bock, if enabled stops NSD
from responding with data outside of the zone the query was aimed at.
Answers contain data that comes from one zone only.

The startup management patch for s6 and other service supervisors from
Cameron Nemo can be used to signal readiness notification to them, it is
in contrib.  With that there is the new option that an empty pidfile
statement (pidfile: "") in nsd.conf can be used to run NSD without
having NSD create an nsd.pid file at startup.

There is fix for the sort order of included configuration files with the
include: statement.  Due to a programming oversight it was sorted, but
in reverse.  Files are now included in the sorted order.  Mostly, if
files contain configuration snippets of different zones, or config about
different features, the include order should not matter for them.

- For #39: confine-to-zone configures NSD to not return out-of-zone
  additional information. Contributed by Greg Bock.
- For #21: pidfile "" allows to run NSD without a pidfile, for
  startup management tools like daemontools.
- For #21 add
  that adds support for readiness notification with READY_FD from
  Cameron Nemo.

- Fix #35: excessive logging of ixfr failures, it stops the log when
  fallback to axfr is possible. log is enabled at high verbosity.
- Fixup warnings during --disable-ipv6 compile.
- The nsd.conf includes are sorted ascending, for include statements
  with a '*' from glob.
- Fix #38: log address and failure reason with tls handshake errors,
  squelches (the same as unbound) some unless high verbosity is used.
- Fixup clang analysis warning in xfrd_parse_received_xfr_packet
  master dereference.

- Number of different UDP handlers has been reduced to one. recvmmsg
  and sendmmsg implementations are now used on all platforms.
  Compatible implementations are in place for systems that lack the
  system calls.
- Socket options are now set in designated functions for easy reuse.
- Socket setup has been simplified for easy reuse.
- Configuration parser is now aware of the context in which an option
  was specified.
- Fix #44: document that remote-control is a top-level nsd.conf

Best regards, Wouter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20191114/96399dec/attachment.bin>

More information about the nsd-users mailing list