[nsd-users] NSD reload and restart : in-memory data

Jeroen Koekkoek jeroen at nlnetlabs.nl
Wed Jun 28 16:47:28 UTC 2023 

Hi,

> My questions are as follows
> 1) When zone data is not saved on file and only held in memory NSD
> initiates zone transfer after NSD service is restarted.
> 
> Would like to know if there is a time limit from when zone transfer
> is requested until data gets saved in memory.

I'm not sure if I understand your question correctly, but:

There is a reload timer, configurable through xfrd-reload-timeout, that
determines how often a reload is triggered. There is however no time
limit from when a zone is requested. When a zone transfer is received,
(triggered by the refresh timer in the SOA record expiring, through a
NOTIFY or having no zone data), a transfer for that zone is scheduled.
xfrd (transfer daemon in NSD) updates the timers with the data from the
AXFR/IXFR. How long it takes for the reload to complete depends on the
number of changes within that reload.

> 2) When NSD service is 'reloaded' for example by running 'systemctl
> reload nsd' does NSD check the serial number (SOA) for each record
> and tries to initiate a zone transfer?
> 
> After performing a service reload the following entries are logged.
> 
> nsd[1704236]: error: xfrd: zone testnsdexp01.tk received error code
> SERVER NOT AUTHORITATIVE FOR ZONE from xx.xx.xx.xx
> nsd[1704236]: error: xfrd: zone testnsdexp01.tk, from xx.xx.xx.xx: no
> tsig in first packet of reply
> nsd[1704236]: info: xfrd: zone testnsdexp01.tk bad transfer 0 from
> xx.xx.xx.xx
>  
> The zone records for testnsdexp01.tk is not present on the master DNS
> servers therefore it returns error but it seems like NSD is doing
> some sort of checks during the reload process hence its trying to get
> the records for 'testnsdexp01.tk'.
> 

These errors are from xfrd, which is the process that keeps running and
is not recycled (unlike the server(s)). Once there's no more zone data,
either by not having it in the first place on (re)load or because it
has expired, xfrd will request new data from the primary every so
often. The messages above is merely xfrd indicating it cannot refresh
the zone.

So, to answer your question, yes, once NSD restarts it tries to request
a zone transfer for zones that have no data.

Best regards,
Jeroen

More information about the nsd-users mailing list