[nsd-users] NSD 4.5.0rc1 pre-release

A. Schulze sca at andreasschulze.de
Fri May 6 21:35:58 UTC 2022



Am 06.05.22 um 13:42 schrieb Wouter Wijngaards via nsd-users:
> Hi,
> 
> NSD 4.5.0rc1 pre-release is available
> https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz

Hello Wouter,

this version compile without problems here and works at my small lab environment.

> sha256 2143268818f0f840f9fbb99a9350eaa553ee9d0b3b325851dd14a7b815b0a6e7
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz.gpg
should end with .asc, not .gpg

> This release fixes a couple of minor bugs and adds IXFR out
> functionality. With this functionality NSD can respond to IXFR queries
> and serve IXFR transfers downstream.
> 
> It is default disabled,
make sense ...


But I would like the moment to point to segfaults I'm seeing more for years
(https://lists.nlnetlabs.nl/pipermail/nsd-users/2019-June/002699.html)
but not further discussed on this list yet.

Today I found a new data point. I use to build NSD with libev. I see failures.
I would say, they are related to process termination.
Today I rebuild NSD with libevent and the failure goes away!

To reproduce that I wrote two Dockerfile (attached)

$ docker build -t nsd:libevent -f Dockerfile.libevent .
...
Successfully tagged nsd:libevent
$ docker run --rm -ti nsd:libevent
[2022-05-06 21:18:42.056] nsd[1]: notice: nsd starting (NSD 4.5.0)
[2022-05-06 21:18:42.096] nsd[7]: notice: nsd started (NSD 4.5.0), pid 1
<PRESS CTRL+C>
[2022-05-06 21:18:43.979] nsd[7]: warning: signal received, shutting down...

-> this is ok

now let's build using libev
$ docker build -t nsd:libev -f Dockerfile.libev .
...
Successfully tagged nsd:libev
$ docker run --rm -ti nsd:libev
[2022-05-06 21:21:14.724] nsd[1]: notice: nsd starting (NSD 4.5.0)
[2022-05-06 21:21:14.743] nsd[7]: notice: nsd started (NSD 4.5.0), pid 1
<PRESS CTRL+C>
[2022-05-06 21:21:32.879] nsd[7]: warning: server 8 died unexpectedly, restarting
[2022-05-06 21:21:32.879] nsd[7]: warning: signal received, shutting down...
[2022-05-06 21:21:32.884] nsd[9]: error: mode bad value 2, back to service.

-> I think, this should not happen...

I mentioned process termination. I see similar segfaults if NSD as slave receive new data via axfr.
One server's log fill up with segfaul messages, but the data received via axfr are valid!
The segfault seem to happen very close to a NSD process end.

Andreas
-
-------------- next part --------------
# docker build -t nsd:libevent -f Dockerfile.libevent .
FROM debian:bullseye-slim AS builder

RUN apt-get --quiet --yes update
RUN apt-get --quiet --yes install --no-install-recommends \
      build-essential \
      libevent-dev \
      libssl-dev

WORKDIR /tmp/
ADD https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz .

RUN tar xzf nsd-4.5.0rc1.tar.gz --strip-component=1
RUN ./configure
RUN make
RUN make install

FROM debian:bullseye-slim
COPY --from=builder /usr/local/ /usr/local/
RUN    useradd nsd \
    && install -d /etc/nsd/ \
    && install -d -o nsd /var/db/nsd/ \
    && touch /etc/nsd/nsd.conf \
    && apt-get --quiet --yes update \
    && apt-get --quiet --yes install --no-install-recommends \
         libevent-2.1 \
         libssl1.1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

CMD [ "/usr/local/sbin/nsd", "-d" ]
-------------- next part --------------
# docker build -t nsd:libev -f Dockerfile.libev .
FROM debian:bullseye-slim AS builder

RUN apt-get --quiet --yes update
RUN apt-get --quiet --yes install --no-install-recommends \
      build-essential \
      libev-libevent-dev \
      libssl-dev

WORKDIR /tmp/
ADD https://nlnetlabs.nl/downloads/nsd/nsd-4.5.0rc1.tar.gz .

RUN tar xzf nsd-4.5.0rc1.tar.gz --strip-component=1
RUN ./configure
RUN make
RUN make install

FROM debian:bullseye-slim
COPY --from=builder /usr/local/ /usr/local/
RUN    useradd nsd \
    && install -d /etc/nsd/ \
    && install -d -o nsd /var/db/nsd/ \
    && touch /etc/nsd/nsd.conf \
    && apt-get --quiet --yes update \
    && apt-get --quiet --yes install --no-install-recommends \
         libev4 \
         libssl1.1 \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

CMD [ "/usr/local/sbin/nsd", "-d" ]


More information about the nsd-users mailing list