[nsd-users] NSD slow fetching new zones

Klaus Darilion klaus.darilion at nic.at
Mon Apr 3 07:54:09 UTC 2023 

Hello!

We dynamically add secondary zones to NSD, and then test if NSD has fetched the zone (asking for the SOA). If the zone was not fetched yet, we try to push NSD to transfer zone faster. But sometimes that does not seem to work. For example in this case it took 15s to fetch the zone from the primary (running on localhost), although NSD was idle at this moment.

00:19:13 nsd[16628]: control cmd:  addzone example.com slave_zone_from_local_pdns
00:19:13 nsd[16632]: zonefile slave_zone_from_local_pdns/example.com does not exist
00:19:14 nsd[16628]: new control connection from 127.0.0.1
00:19:14 nsd[16628]: control cmd:  force_transfer example.com
00:19:15 nsd[16628]: new control connection from 127.0.0.1
00:19:15 nsd[16628]: control cmd:  force_transfer example.com
00:19:16 nsd[16628]: new control connection from 127.0.0.1
00:19:16 nsd[16628]: control cmd:  force_transfer example.com
00:19:18 nsd[16628]: new control connection from 127.0.0.1
00:19:18 nsd[16628]: control cmd:  force_transfer example.com
00:19:19 nsd[16628]: new control connection from 127.0.0.1
00:19:19 nsd[16628]: control cmd:  force_transfer example.com
00:19:20 nsd[16628]: new control connection from 127.0.0.1
00:19:20 nsd[16628]: control cmd:  force_transfer example.com
00:19:21 nsd[16628]: new control connection from 127.0.0.1
00:19:21 nsd[16628]: control cmd:  force_transfer example.com
00:19:22 nsd[16628]: new control connection from 127.0.0.1
00:19:22 nsd[16628]: control cmd:  force_transfer example.com
00:19:23 nsd[16628]: new control connection from 127.0.0.1
00:19:23 nsd[16628]: control cmd:  force_transfer example.com
00:19:24 nsd[16628]: new control connection from 127.0.0.1
00:19:24 nsd[16628]: control cmd:  force_transfer example.com
00:19:28 nsd[16628]: xfrd: zone example.com committed "received update to serial 2018091101 at 2023-04-03T00:19:28 from 127.0.0.1 at 14018"
00:19:28 nsd[16632]: zone example.com. received update to serial 2018091101 at 2023-04-03T00:19:28 from 127.0.0.1 at 14018 of 417 bytes in 0.00071 seconds
00:19:28 nsd[16628]: zone example.com serial 0 is updated to 2018091101

I can think of 2 possibilites:
a) the primary name server is overloaded and does not accept AXFR requests immediately
b) NSD has some timers that stop him from acting immediately

Are there any such timers in NSD? Can you please give me some hints how to debug this issue?

Thanks
Klaus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230403/52fa9121/attachment.htm>

More information about the nsd-users mailing list