[nsd-users] NSD 4.12.0rc1 pre-release

Yorgos Thessalonikefs yorgos at nlnetlabs.nl
Tue Apr 22 13:20:51 UTC 2025


Hi Andreas,

On 18/04/2025 23:28, A. Schulze via nsd-users wrote:
> I added #437 to my build. It works, somehow...
> 
> I cannot imagine a scenario for any (resolver?) software to implicitly 
> send a SOA probe over UDP to port 853 / not port 53
> Could you clarify this, please?
Unbound is an example: when configured with auth zones, it will send the 
SOA probe over UDP before starting a zone transfer.

> 
> There is also a difference to the same solution for that problem in 
> unbound:
> While "netstat -lnpu" does not show open UDP sockets for DoT and DoH on 
> unbound, NSD is different:
> "netstat -lnpu" shows an open Port for Do53 and DoT. Do53/UDP does 
> timeout on Port 853, though.
Just to be clear with terminology (Do53 does not help if the port is not 
53 :), you want to say that when a #437-patched NSD is configured for 
TLS over port 853 you expect to see only TCP open on 853 but you also 
see UDP open on 853?
If that is the case, the PR also needs more work apparently :)

> 
> It looks like #437 works very differently than the code implemented in 
> unbound.
Unbound and NSD are very different in how they set up listening interfaces.

Best regards,
-- Yorgos

