From wouter at nlnetlabs.nl Tue Apr 6 11:36:48 2021 From: wouter at nlnetlabs.nl (Wouter Wijngaards) Date: Tue, 6 Apr 2021 13:36:48 +0200 Subject: [nsd-users] NSD 4.3.6 released In-Reply-To: <7cf4897d-efa7-5aaf-b6b7-92053f537c21@nlnetlabs.nl> References: <7cf4897d-efa7-5aaf-b6b7-92053f537c21@nlnetlabs.nl> Message-ID: <532a8cdb-f7e9-1e57-9625-40bdd3b499ce@nlnetlabs.nl> Hi, NSD 4.3.6 is available: https://nlnetlabs.nl/downloads/nsd/nsd-4.3.6.tar.gz sha256 bee6c0cf5525acc41dade9ec9e29435299211b0de290059878f7e53249e75f18 pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.3.6.tar.gz.asc This release contains a bug fix for a zone file parse failure for text records. The release also adds the feature to print a local address, if the address is configured, in dnstap logs. The interface for nsd-control can be specified with an interface name. The zone that was parse successfully can be printed with the nsd-checkzone -p option. Also added is support to emit DNS extended errors via the EDNS option from RFC8914. It is possible to stop queries for certain zones, depending on IP address and TSIG key, with the new allow-query option, for zones that do not need to be queried, like meta zones with configuration information. A difference with rc1 is that the configure script is built with autoreconf, so that --enable-systemd works. 4.3.6 ================ FEATURES: - Fix #146 with #147: DNSTAP log the local address of the server with the dnstap logs. - Enable configuring a control-interface by interface name. - A -p option to nsd-checkzone to print a successfully read zone. - Add Extended DNS Errors RFC8914 - Per zone Access Control List for queries with an allow-query: option. BUG FIXES: - Prevent a few more yacc clashes. - Merge PR #153 from fobser: Repair -fno-common linker errors automatically. - Fix uninitialized access of log_buf in error printout on apply ixfr. - Fix AF_LOCAL compile error for Solaris. - Fix ifaddrs compile error for Solaris. - Fix ifaddrs.h compile error for Solaris. - Man page documentation for dnstap options. - Fix segfault on high verbosity for TLS channels with dnstap log local address. - Fix #163: A TSIG noncompliance with RFC 2845. - Fix that wildcard is printed as a star instead of escaped, in logs and in written zone files. - Fix double config.h include in configlexer.c - Fix to remove configyyrename from makedist.sh and also update the flex and bison rules there to add the "c_" prefix. - Fix configure to use header checks with compile. - Fix warning about unused function log_addr. - Fix #154: TXT with parentheses fails in 4.3.5. - Align parsing of TXT elements with how bind does it. - Fix configure failure for enable systemd because of autoconf. Best regards, Wouter From peter.van.dijk at powerdns.com Thu Apr 8 13:33:26 2021 From: peter.van.dijk at powerdns.com (Peter van Dijk) Date: Thu, 08 Apr 2021 15:33:26 +0200 Subject: [nsd-users] pkill nsd create zombies In-Reply-To: References: Message-ID: <41917e41aa25e0753f19d855ddfd76a92acabea6.camel@powerdns.com> Hello Andreas, On Mon, 2021-02-15 at 16:56 +0100, A. Schulze via nsd-users wrote: > root at 497d872b1c91:/# ps afx > PID TTY STAT TIME COMMAND > 19 pts/0 Ss 0:00 bash > 28 pts/0 R+ 0:00 \_ ps afx > 1 ? Ss 0:00 /bin/sleep infinity Exited processes always become zombies, until their parent reaps them. Usually this happens so quickly that you never even notice you had any zombies! If the parent process of an unreaped zombie disappears, the zombie is reparented to PID 1. On 'normal' systems (i.e. not inside Docker containers), PID 1 is an init process that is ready to reap any zombie it finds. /bin/sleep infinity (even if it does contain the string 'init'!) is not such an init process. If you pass '--init' to 'docker run', Docker will install a small init (called tini - tiny init, get it? :-) ) as PID 1 in your container, and that will reap the zombies for you. If you are not using 'docker run', consult the documentation for whatever you are using to manage your containers. I promise it will have a similar flag. Kind regards, -- Peter van Dijk PowerDNS.COM BV - https://www.powerdns.com/