[nsd-users] NSD 4.13.0rc1 pre-release

Anand Buddhdev anandb at ripe.net
Sat Aug 30 14:49:59 UTC 2025 

Hi Jannik,

Thanks for this release. I appreciate very much the approach of compiling
in all the stable features, and allowing the operator to activate them in
the configuration as needed. This makes it very easy to package NSD for
general use. I also appreciate the --with-dbdir option to specify one place
for many of NSD's runtime files. My "configure" invocation is now much more
compact, and the resulting package is also more useful.

It compiles without warnings under Oracle Linux 9, and is running on a test
server.

Regards,
Anand Buddhdev
RIPE NCC

On Tue, 26 Aug 2025 at 14:52, Jannik Peters via nsd-users <
nsd-users at lists.nlnetlabs.nl> wrote:

> Dear all,
>
> NSD 4.13.0 pre-release is available:
> https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0rc1.tar.gz
> sha256 b5b48013eaf72f84c6feddbf452899909970a0194b1dc002a3aea97e70aacd09
> pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0rc1.tar.gz.asc
>
> This release enables some commonly used features by default, and introduces
> experimental support for AF_XDP sockets that can be enabled with the
> `--enable-xdp` feature flag (see
> https://nsd.docs.nlnetlabs.nl/en/latest/xdp.html).
>
> Please review this pre-release carefully. If no issues arise, the actual
> release will follow on Wednesday 2025-09-03.
>
> 4.13.0
> ================
> FEATURES:
> - Use '(all)' and '(none)' for the socket server affinity
>   log output instead of '*' and '-'.
> - The --enable-bind8-stats feature, was already enabled by default,
>   is described as enabled by default in usage.
> - The --enable-zone-stats feature is enabled by default. It can be
>   turned on with config like `zonestats: "%s"`.
> - The --enable-ratelimit feature is enabled by default. The
>   ratelimit value is off by default. It can be turned on with
>   config like `rrl-ratelimit: 200`.
> - The --enable-dnstap feature is enabled by default. If fstrm-devel
>   or protobuf-c are not found by configure it prints an error.
>   It can be turned on with config like `dnstap-enable: yes`.
> - Change default for send-buffer-size to 4m, to mitigate a
>   cross-layer issue where the UDP socket send buffers are
>   exhausted waiting for ARP/NDP resolution. Thanks to Reflyable
>   for the report.
> - Disable TLSv1.2 if TLSv1.3 is available.
> - Merge #449: Add useful logging for XoT transfers.
> - Merge #425: Add experimental XDP (AF_XDP) support for UDP traffic
> - Merge #455: --with-dbdir option for configure to set the base
>   directory for the xfrd zone timer state file, the zone list file
>   and the cookie secrets file. Thanks Simon Josefsson.
> - Merge #456: Spelling fixes in metrics.c. Thanks Simon Josefsson.
>
>
> BUG FIXES:
> - Fix punctuation of nsd -h output for the -a option.
> - Fix checkconf unit test for when metrics are not enabled.
> - Prometheus metrics tests require --enable-zone-stats.
> - Add unit test for socket server affinity log output.
> - Move xfrd-tcp unit test to its own file.
> - Fix contrib/nsd.spec to omit configure flags that are default or
>   that do not exist.
> - Fix to remove mention of obsolete root-server option.
> - Fix mention of draft-rrtypes and root-server configure options.
> - Fix ci workflow for enable dnstap.
> - Fix to remove use of sprintf from metrics.
> - Fix for fstrm and protobuf-c for ci workflow coverity-scan.
> - Fix for parallel build of dnstap protoc-c output.
> - Fix to remove unneeded mkdir from Makefile.
> - Fix dnstap to use protoc and keep dnstap_config.h unchanged if
>   possible.
> - Fix to provide doc for --enable-systemd.
> - Fix to remove debug printout for configure dnstap header.
> - Fix #441: SystemD script for NSD prevents using chroot.
> - Fix to add checks for compression pointers and too long dnames in
>   internal dname routines, dname_make and ixfr dname_length.
> - Fix to remove shell assignment operator from Makefile for DATE.
> - make depend.
> - Fix bitwise operators in conditional expressions with parentheses.
> - Fix conditional expressions with parentheses for bitwise and.
> - Merge #445: contrib/nsd.openrc.in: use supervise-daemon and
>   add `need net`.
> - Fix #446 nsd_size_db_in_mem_bytes (size.db.mem) metric not
>   updated on reload.
> - Merge #447: Minimize disruptions on reconfig.
> - For #447: Updated simdzone to latest commit. With the padding
>   test changes.
> - For #447: use need_to_send_reload to detect if a reload is issued.
> - For #447: acl_list_equal already tests for TSIG key changes, so
>   removed the duplicate checks.
> - For #447: log crypto error with the SSL_write error.
> - Update simdzone with support for --enable-pie.
> - Merge #454 from jaredmauch: handle rare case but seen in
>   production where data->query is NULL.
>
> simdzone 0.2.3
> ================
>
> FEATURES:
> - check_pie: match nsd support (#253).
>
> BUG FIXES:
> - Fix tests to initialize padding (#252).
> - Fix for #253, add acx_nlnetlabs.m4 in the repo and allow CFLAGS passed to
>   configure to set the flags.
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20250830/ca8eeb08/attachment.htm>

More information about the nsd-users mailing list