[nsd-users] NSD 4.13.0rc1 pre-release

Klaus Darilion klaus.darilion at nic.at
Mon Sep 8 21:20:29 UTC 2025 

Hi Jannik!

Do you think it would be possible to convert
  configure –enable-packed
and
  configure –disable-radix-tree
into config file options? That way we could save RAM without recompiling.

Thanks
Klaus


From: nsd-users <nsd-users-bounces at lists.nlnetlabs.nl> On Behalf Of Anand Buddhdev via nsd-users
Sent: Saturday, August 30, 2025 4:50 PM
To: nsd-users at lists.nlnetlabs.nl
Subject: Re: [nsd-users] NSD 4.13.0rc1 pre-release

Hi Jannik,

Thanks for this release. I appreciate very much the approach of compiling in all the stable features, and allowing the operator to activate them in the configuration as needed. This makes it very easy to package NSD for general use. I also appreciate the --with-dbdir option to specify one place for many of NSD's runtime files. My "configure" invocation is now much more compact, and the resulting package is also more useful.

It compiles without warnings under Oracle Linux 9, and is running on a test server.

Regards,
Anand Buddhdev
RIPE NCC

On Tue, 26 Aug 2025 at 14:52, Jannik Peters via nsd-users <nsd-users at lists.nlnetlabs.nl<mailto:nsd-users at lists.nlnetlabs.nl>> wrote:
Dear all,

NSD 4.13.0 pre-release is available:
https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0rc1.tar.gz
sha256 b5b48013eaf72f84c6feddbf452899909970a0194b1dc002a3aea97e70aacd09
pgp https://nlnetlabs.nl/downloads/nsd/nsd-4.13.0rc1.tar.gz.asc

This release enables some commonly used features by default, and introduces
experimental support for AF_XDP sockets that can be enabled with the
`--enable-xdp` feature flag (see https://nsd.docs.nlnetlabs.nl/en/latest/xdp.html).

Please review this pre-release carefully. If no issues arise, the actual
release will follow on Wednesday 2025-09-03.

4.13.0
================
FEATURES:
- Use '(all)' and '(none)' for the socket server affinity
  log output instead of '*' and '-'.
- The --enable-bind8-stats feature, was already enabled by default,
  is described as enabled by default in usage.
- The --enable-zone-stats feature is enabled by default. It can be
  turned on with config like `zonestats: "%s"`.
- The --enable-ratelimit feature is enabled by default. The
  ratelimit value is off by default. It can be turned on with
  config like `rrl-ratelimit: 200`.
- The --enable-dnstap feature is enabled by default. If fstrm-devel
  or protobuf-c are not found by configure it prints an error.
  It can be turned on with config like `dnstap-enable: yes`.
- Change default for send-buffer-size to 4m, to mitigate a
  cross-layer issue where the UDP socket send buffers are
  exhausted waiting for ARP/NDP resolution. Thanks to Reflyable
  for the report.
- Disable TLSv1.2 if TLSv1.3 is available.
- Merge #449: Add useful logging for XoT transfers.
- Merge #425: Add experimental XDP (AF_XDP) support for UDP traffic
- Merge #455: --with-dbdir option for configure to set the base
  directory for the xfrd zone timer state file, the zone list file
  and the cookie secrets file. Thanks Simon Josefsson.
- Merge #456: Spelling fixes in metrics.c. Thanks Simon Josefsson.


BUG FIXES:
- Fix punctuation of nsd -h output for the -a option.
- Fix checkconf unit test for when metrics are not enabled.
- Prometheus metrics tests require --enable-zone-stats.
- Add unit test for socket server affinity log output.
- Move xfrd-tcp unit test to its own file.
- Fix contrib/nsd.spec to omit configure flags that are default or
  that do not exist.
- Fix to remove mention of obsolete root-server option.
- Fix mention of draft-rrtypes and root-server configure options.
- Fix ci workflow for enable dnstap.
- Fix to remove use of sprintf from metrics.
- Fix for fstrm and protobuf-c for ci workflow coverity-scan.
- Fix for parallel build of dnstap protoc-c output.
- Fix to remove unneeded mkdir from Makefile.
- Fix dnstap to use protoc and keep dnstap_config.h unchanged if
  possible.
- Fix to provide doc for --enable-systemd.
- Fix to remove debug printout for configure dnstap header.
- Fix #441: SystemD script for NSD prevents using chroot.
- Fix to add checks for compression pointers and too long dnames in
  internal dname routines, dname_make and ixfr dname_length.
- Fix to remove shell assignment operator from Makefile for DATE.
- make depend.
- Fix bitwise operators in conditional expressions with parentheses.
- Fix conditional expressions with parentheses for bitwise and.
- Merge #445: contrib/nsd.openrc.in<http://nsd.openrc.in>: use supervise-daemon and
  add `need net`.
- Fix #446 nsd_size_db_in_mem_bytes (size.db.mem) metric not
  updated on reload.
- Merge #447: Minimize disruptions on reconfig.
- For #447: Updated simdzone to latest commit. With the padding
  test changes.
- For #447: use need_to_send_reload to detect if a reload is issued.
- For #447: acl_list_equal already tests for TSIG key changes, so
  removed the duplicate checks.
- For #447: log crypto error with the SSL_write error.
- Update simdzone with support for --enable-pie.
- Merge #454 from jaredmauch: handle rare case but seen in
  production where data->query is NULL.

simdzone 0.2.3
================

FEATURES:
- check_pie: match nsd support (#253).

BUG FIXES:
- Fix tests to initialize padding (#252).
- Fix for #253, add acx_nlnetlabs.m4 in the repo and allow CFLAGS passed to
  configure to set the flags.
_______________________________________________
nsd-users mailing list
nsd-users at lists.nlnetlabs.nl<mailto:nsd-users at lists.nlnetlabs.nl>
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20250908/b0627f70/attachment-0001.htm>

More information about the nsd-users mailing list