[nsd-users] NSD 4.8.0 released

Wouter Wijngaards wouter at nlnetlabs.nl
Wed Dec 6 09:24:09 UTC 2023


Hi,

NSD 4.8.0 is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0.tar.gz
sha256 820da4e384721915f4bcaf7f2bed98519da563c6e4c130c742c724760ec02a0a
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.8.0.tar.gz.asc

This release introduces PROXYv2 support and faster statistics gathering,
removes the database option and fixes bugs.

The proxy protocol support is an implementation of PROXYv2 for NSD.
It can be configured with `proxy-protocol-port: portnum` with the port
number of the interface on which proxy traffic is handled.  The
interface can support proxy traffic for UDP, TCP and TLS.

The removal of the "database: nsd.db" option removes unneeded code. It
stored secondary zones in binary format. Zone files are used instead.
This turns out to be about the same speed, for file access, and use
much less memory. Plain text is also easier to deal with when inspecting
the contents.  Intended improvements in zone parser speed are expected
to further enhance the performance, making it faster than the binary
database.

The option to turn the database off with "" was introduced in 4.1.7
in 2015. It is now removed, and the 'database:' option is ignored for
backwards compatibility, also the commandline '-f' option is ignored for
backwards compatibility. This means NSD can start even though the option
is present, and can then transfer zones from the primary and serve them.

Statistics are processed faster. NSD now uses shared memory to convey
the statistics from the server processes to the xfrd process. This is
faster, and also works while a reload is in progress. The statistics are
no longer written over the command pipes between processes, and so do
not wait for the processes. It is similar to how zone-stats have been
implemented. It works for both stats and stats_noreset.

Thanks to Sunet for sponsoring the proxy protocol, and providing
useful feedback in the early testing of the proxy protocol.

4.8.0
================
FEATURES:
- Merge #281: Proxy protocol. An implementation of PROXYv2 for NSD.
   It can be configured with proxy-protocol-port: portnum with the
   port number of the interface on which proxy traffic is handled.
   The interface can support proxy traffic for UDP, TCP and TLS.
- Merge #301: improve the logging of ixfr fallbacks to axfr.
- Merge #305: faster stats. Statistics can be gathered while a reload
   is in progress.

BUG FIXES:
- Merge #282: Improve nsd.conf man page.
- Fix unused but set variable warning.
- Fix #283: Compile failure in remote.c when --disable-bind8-stats
   and --without-ssl are specified.
- Fix #284: dnstap_collector.c: SOCK_NONBLOCK is not available on
   Mac/Darwin.
- Fix unused variable warning in unit test of udb.
- Merge #287: Update nsd.conf.5.in.
- Fix autoconf 2.69 warnings in configure.
- Merge #295: Update e-mail addresses, add ref to support contracts
- Fix for interprocess communication to set quit sync command from
   main process explicitly.
- Fix processing of consolidated IXFRs.
- Remove on-disk database.
- Answer first query for connections accepted just before reload.
- Fix: Always instate write handler after reading a query over TCP.
- Fix #14: Set timeout to 3s when servicing remaining TCP connections.
- Merge #302: Test package fixes. Correct Auxfiles, kill_from_pidfile
   function and fix drop_updates, rr-test and xfr_update tests.
- Fix unit test kill_from_pidfile function for nonexistent files
   because the argument is evaluated before the test expression.
- Fix rr-test to also convert the contents of the just written output
   file.
- Fix test set to remove -f nsd.db and rm nsd.db commands.
- Fix test set to remove difffile option.

Best regards, Wouter


More information about the nsd-users mailing list