[nsd-users] NSD still shows permission errors on Debian 10 Buster

Anand Buddhdev anandb at ripe.net
Thu May 28 18:44:54 UTC 2020

On 28/05/2020 20:00, Simon Deziel wrote:

Hi Simon,

>> I also noticed one other deficiency in the Debian unit file. It's
>> missing "Killmode=process".
> Indeed, the default is KillMode=control-group which SIGTERM everyone in
> the cgroup, wait 90s by default and then SIGKILL what remains.



> Anand, could you please provide some instructions on how to reproduce
> the issue you are/were having with the cgroup-based killing as my test
> scenario was likely too simplistic. Thanks

I don't have a reproducible scenario on hand, but on servers I manage, 
there are often up to 32 child processes, and the servers are busy 
answering thousnads of queries per second, and also often doing zone 

I noticed that sometimes when I wanted to shut down NSD on such servers, 
there would be temporary files left over from incomplete zone transfers. 
There may also have been something else, but I can't remember it now. 
Anyway, I realised this was caused by system sending TERM to all 
processes at the same time. That's why I fixed it with 
"KillMode=process". Maybe you can try by increasing the server count to 
a higher value, then forcing some zone transfers and then terminating NSD.


More information about the nsd-users mailing list