[nsd-users] NSD 4.13.0 release

Jannik Peters jannik at nlnetlabs.nl
Wed Sep 3 08:35:01 UTC 2025 

Dear all,

NSD 4.13.0 release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0.tar.gz
sha256 83181b9cfee9495076f124926b28259e7f3911c4da80e17883c211c7e17cd04e
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0.tar.gz.asc

This release enables some commonly used features by default, and introduces
experimental support for AF_XDP sockets that can be enabled with the
`--enable-xdp` feature flag (see https://nsd.docs.nlnetlabs.nl/en/latest/xdp.html).

4.13.0
================
FEATURES:
- Use '(all)' and '(none)' for the socket server affinity
  log output instead of '*' and '-'.
- The --enable-bind8-stats feature, was already enabled by default,
  is described as enabled by default in usage.
- The --enable-zone-stats feature is enabled by default. It can be
  turned on with config like `zonestats: "%s"`.
- The --enable-ratelimit feature is enabled by default. The
  ratelimit value is off by default. It can be turned on with
  config like `rrl-ratelimit: 200`.
- The --enable-dnstap feature is enabled by default. If fstrm-devel
  or protobuf-c are not found by configure it prints an error.
  It can be turned on with config like `dnstap-enable: yes`.
- Change default for send-buffer-size to 4m, to mitigate a
  cross-layer issue where the UDP socket send buffers are
  exhausted waiting for ARP/NDP resolution. Thanks to Reflyable
  for the report.
- Disable TLSv1.2 if TLSv1.3 is available.
- Merge #449: Add useful logging for XoT transfers.
- Merge #425: Add experimental XDP (AF_XDP) support for UDP traffic
- Merge #455: --with-dbdir option for configure to set the base
  directory for the xfrd zone timer state file, the zone list file
  and the cookie secrets file. Thanks Simon Josefsson.
- Merge #456: Spelling fixes in metrics.c. Thanks Simon Josefsson.

BUG FIXES:
- Fix punctuation of nsd -h output for the -a option.
- Fix checkconf unit test for when metrics are not enabled.
- Prometheus metrics tests require --enable-zone-stats.
- Add unit test for socket server affinity log output.
- Move xfrd-tcp unit test to its own file.
- Fix contrib/nsd.spec to omit configure flags that are default or
  that do not exist.
- Fix to remove mention of obsolete root-server option.
- Fix mention of draft-rrtypes and root-server configure options.
- Fix ci workflow for enable dnstap.
- Fix to remove use of sprintf from metrics.
- Fix for fstrm and protobuf-c for ci workflow coverity-scan.
- Fix for parallel build of dnstap protoc-c output.
- Fix to remove unneeded mkdir from Makefile.
- Fix dnstap to use protoc and keep dnstap_config.h unchanged if
  possible.
- Fix to provide doc for --enable-systemd.
- Fix to remove debug printout for configure dnstap header.
- Fix #441: SystemD script for NSD prevents using chroot.
- Fix to add checks for compression pointers and too long dnames in
  internal dname routines, dname_make and ixfr dname_length.
- Fix to remove shell assignment operator from Makefile for DATE.
- make depend.
- Fix bitwise operators in conditional expressions with parentheses.
- Fix conditional expressions with parentheses for bitwise and.
- Merge #445: contrib/nsd.openrc.in: use supervise-daemon and
  add `need net`.
- Fix #446 nsd_size_db_in_mem_bytes (size.db.mem) metric not
  updated on reload.
- Merge #447: Minimize disruptions on reconfig.
- For #447: Updated simdzone to latest commit. With the padding
  test changes.
- For #447: use need_to_send_reload to detect if a reload is issued.
- For #447: acl_list_equal already tests for TSIG key changes, so
  removed the duplicate checks.
- For #447: log crypto error with the SSL_write error.
- Update simdzone with support for --enable-pie.
- Merge #454 from jaredmauch: handle rare case but seen in
  production where data->query is NULL.

simdzone 0.2.3
================

FEATURES:
- check_pie: match nsd support (#253).

BUG FIXES:
- Fix tests to initialize padding (#252).
- Fix for #253, add acx_nlnetlabs.m4 in the repo and allow CFLAGS passed to
  configure to set the flags.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20250903/c2d20722/attachment.bin>

More information about the nsd-users mailing list