[nsd-users] NSD 4.12.0rc1 pre-release

A. Schulze sca at andreasschulze.de
Wed Apr 23 20:19:54 UTC 2025


Hello Yorgos,

On 22.04.25 at 15:20, Yorgos Thessalonikefs via nsd-users wrote:
> Unbound is an example when configured with auth zones, it will send the SOA probe over UDP before starting a zone transfer.

Correct, I verified that with the following unbound.conf

(10.0.0.2 is an NSD serving the zone 'example.' over 53/UDP, 53/TCP and 853/TLS = TCP)

auth-zone:
         name: "example."
         for-downstream: no
         for-upstream: yes
         fallback-enabled: yes
         primary: 10.0.0.2@853#nsd
         zonefile: "/spool/auth-zones/example"

With tcpdump I saw unbound
  - asking 10.0.0.2@53 via UDP for a SOA record
then
  - transferring the zone over a TLS connection to 10.0.0.2@853 / TCP

I did not see any traffic to 10.0.0.2@853 / UDP

> ... you expect to see only TCP open on 853 but you also see UDP open on 853?
yes

NSD even writes it to my log:

nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: nsd starting (NSD 4.12.0)
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (udp) with server(s): -
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: info: creating unix socket /run/nsd-control.socket
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone . read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone example. read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: notice: nsd started (NSD 4.12.0), pid 1

Notice the '-' at the end of the 853-UDP line, while the other lines end with '*'.
No idea what that means...

In the NSD-Container I run:

root@nsd:/# netstat -lnpt | grep 10.0.0.2
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.2:853            0.0.0.0:*               LISTEN      -
root@nsd:/# netstat -lnpu | grep 10.0.0.2
udp        0      0 10.0.0.2:53             0.0.0.0:*                           -
udp        0      0 10.0.0.2:853            0.0.0.0:*                           -

Andreas
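
The check described in the message above, as an added example that is not part of the original post and not NSD or Unbound code: it compares NSD's "listen on" startup lines and netstat output against an exposure policy and reports listeners outside it. The policy (853 over TCP only), the function names and the sample input are assumptions constructed for illustration.

```python
import re

# NSD startup line, e.g. "listen on ip-address 10.0.0.2@853 (udp) with server(s): -".
# The list archive renders "@" as " at ", so both spellings are accepted.
LISTEN_RE = re.compile(
    r"listen on ip-address (?P<ip>\S+?)(?:@| at )(?P<port>\d+) "
    r"\((?P<proto>udp|tcp)\) with server\(s\): (?P<servers>\S+)")
# One row of `netstat -lnpt` / `netstat -lnpu` output.
NETSTAT_RE = re.compile(
    r"^(?P<proto>tcp|udp)6?\s+\d+\s+\d+\s+(?P<ip>\S+):(?P<port>\d+)\s", re.M)

# Assumed policy (not from the post): DNS on 53 over UDP and TCP, TLS on 853/TCP only.
EXPECTED = {(53, "udp"), (53, "tcp"), (853, "tcp")}

def logged_listeners(log_text):
    """(ip, port, proto) -> server(s) marker for every 'listen on' log line."""
    return {(m["ip"], int(m["port"]), m["proto"]): m["servers"]
            for m in LISTEN_RE.finditer(log_text)}

def bound_sockets(netstat_text):
    """Set of (ip, port, proto) actually bound according to netstat."""
    return {(m["ip"], int(m["port"]), m["proto"])
            for m in NETSTAT_RE.finditer(netstat_text)}

def audit(log_text, netstat_text, expected=EXPECTED):
    """Listeners outside the policy, with the log marker and whether netstat confirms them."""
    logged, bound = logged_listeners(log_text), bound_sockets(netstat_text)
    findings = []
    for key in sorted(set(logged) | bound):
        if (key[1], key[2]) not in expected:
            findings.append({"listener": key, "servers": logged.get(key),
                             "bound": key in bound})
    return findings

# Constructed sample input, modelled on the output quoted in the post.
SAMPLE_LOG = """\
nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd[1]: notice: listen on ip-address 10.0.0.2 at 853 (udp) with server(s): -
nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
"""
SAMPLE_NETSTAT = """\
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.2:853            0.0.0.0:*               LISTEN      -
udp        0      0 10.0.0.2:53             0.0.0.0:*                           -
udp        0      0 10.0.0.2:853            0.0.0.0:*                           -
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, SAMPLE_NETSTAT):
        print(finding)
```
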
