NSD 2.3.4 released

Paul Wouters paul at xelerance.com
Mon May 8 13:22:59 UTC 2006


On Mon, 8 May 2006, Miek Gieben wrote:

> > It still takes a long time for nsd to startup when there are problems with
> > secondaries.
>
> Could you elaborate a bit more on that?

I am seeing this:

[1147094258] nsd-xfer[4301]: error: answer section is empty
[1147094258] nsd-xfer[4303]: error: answer section is empty
[1147094259] nsd-xfer[4305]: error: answer section is empty
[1147094259] nsd-xfer[4307]: error: answer section is empty
Starting nsd...
[1147094264] nsd-notify[4352]: warning: bad reply from 192.139.46.149, error respons NOT IMPL (4).
[1147094264] nsd-notify[4352]: warning: bad reply from 192.139.46.149, error respons NOT IMPL (4).
[1147094265] nsd-notify[4353]: warning: bad reply from 192.139.46.149, error respons NOT IMPL (4).
[1147094265] nsd-notify[4353]: warning: bad reply from 192.139.46.149, error respons NOT IMPL (4).
[1147094265] nsd-notify[4354]: warning: bad reply from 192.139.46.149, error respons NOT IMPL (4).
[1147094272] nsd-notify[4367]: warning: bad reply from 205.150.200.178, error respons NOT AUTHORIZED (9).

Though I have to correct myself, those first 5 messages happen pretty quickly,
and then nsd is listening already. Perhaps it is better to change the
order in the init scripts to run things. Now I do:

        /usr/sbin/nsdc rebuild >/dev/null
        /usr/sbin/nsdc update >/dev/null
        echo -n $"Starting nsd... "
        nsd $OTHER_NSD_OPTS

The problem is during rebuild and update, nsd is not running. Perhaps rebuild
be run before stopping nsd, and update can be run after starting nsd?

I notice a few seconds of downtime, and we only have about 25 zones. I think
with thousands of zones, the downtime might be considerable.

> > However, the no-ipv6 bug, as described here:
> >   http://open.nlnetlabs.nl/pipermail/nsd-users/2003-July/000044.html
> > has resurfaced. I've added a workaround in the nsd init script to append
> > "-4" if no IPv6 is detected on Linux.
>
> hmmpf... I agree what is says in the thread on bugzilla, checking for
> ipv6 should be done outside of NSD. Strange though that this pops
> up now...

Personally, I think nsd should not NOT start if there is no IPv6 and you
give it no special parameters. Eg typing "/usr/sbin/nsd" should work if
there is no IPv6.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155



More information about the nsd-users mailing list