[nsd-users] NSD reload and restart : in-memory data

Vaga LT centrack.00 at gmail.com
Thu Jun 29 06:47:23 UTC 2023 

Hi Jeroen,

Thank you very much for the information.

Best Regards.

On Thu, Jun 29, 2023 at 1:47 AM Jeroen Koekkoek <jeroen at nlnetlabs.nl> wrote:

> Hi,
>
> > My questions are as follows
> > 1) When zone data is not saved on file and only held in memory NSD
> > initiates zone transfer after NSD service is restarted.
> >
> > Would like to know if there is a time limit from when zone transfer
> > is requested until data gets saved in memory.
>
> I'm not sure if I understand your question correctly, but:
>
> There is a reload timer, configurable through xfrd-reload-timeout, that
> determines how often a reload is triggered. There is however no time
> limit from when a zone is requested. When a zone transfer is received,
> (triggered by the refresh timer in the SOA record expiring, through a
> NOTIFY or having no zone data), a transfer for that zone is scheduled.
> xfrd (transfer daemon in NSD) updates the timers with the data from the
> AXFR/IXFR. How long it takes for the reload to complete depends on the
> number of changes within that reload.
>
> > 2) When NSD service is 'reloaded' for example by running 'systemctl
> > reload nsd' does NSD check the serial number (SOA) for each record
> > and tries to initiate a zone transfer?
> >
> > After performing a service reload the following entries are logged.
> >
> > nsd[1704236]: error: xfrd: zone testnsdexp01.tk received error code
> > SERVER NOT AUTHORITATIVE FOR ZONE from xx.xx.xx.xx
> > nsd[1704236]: error: xfrd: zone testnsdexp01.tk, from xx.xx.xx.xx: no
> > tsig in first packet of reply
> > nsd[1704236]: info: xfrd: zone testnsdexp01.tk bad transfer 0 from
> > xx.xx.xx.xx
> >
> > The zone records for testnsdexp01.tk is not present on the master DNS
> > servers therefore it returns error but it seems like NSD is doing
> > some sort of checks during the reload process hence its trying to get
> > the records for 'testnsdexp01.tk'.
> >
>
> These errors are from xfrd, which is the process that keeps running and
> is not recycled (unlike the server(s)). Once there's no more zone data,
> either by not having it in the first place on (re)load or because it
> has expired, xfrd will request new data from the primary every so
> often. The messages above is merely xfrd indicating it cannot refresh
> the zone.
>
> So, to answer your question, yes, once NSD restarts it tries to request
> a zone transfer for zones that have no data.
>
> Best regards,
> Jeroen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20230629/fdfa9286/attachment.htm>

More information about the nsd-users mailing list