[nsd-users] nsd-notify retries?

W.C.A. Wijngaards wouter at NLnetLabs.nl
Mon Nov 28 15:41:51 UTC 2011


Hi Paul, Michael,

In NSD3, the daemon can perform notifies (with retries) for you, all in
parallel.  This only happens when you have notify: configured for the
zone(s) and the serial number is updated (i.e. you nsdc rebuild && nsdc
reload, or it is a slave zone and the master is updated).

In NSD4, the same thing, but nsdc is obsolete, you have nsd-control
notify, nsd-control contacts the server over SSL and the daemon sends
notifies for one or all zones.

The daemon uses 50 sockets (or so) to do the updates, so 50 zones are
active at once, like 'make -j50 notify'.  These are constants in xfrd.h
at this time, perhaps would need to be increased if you have 500000 zones.

Best regards,
   Wouter

On 11/28/2011 04:15 PM, Paul Wouters wrote:
> On Mon, 28 Nov 2011, Michael Tokarev wrote:
> 
>> Now, the questions.
>>
>> Should maybe nsd-notify implement the functionality of the
>> nsdc script in this case, by scanning the conffile and sending
>> all notifies to all found zones and to all nameservers just the
>> same way as `nsdc notify' does, but doing it all in parallel, not
>> one after another?
>>
>> And, should nsd-notify wait for so long and try to do so many
>> attempts for each?  Maybe do just two attempts (second within
>> a 1-second interval) and be done with it?  Or maybe there should
>> be some option for that?
>>
>> Or maybe it is better for nsd itself to send the notifies, f.e.
>> as triggered by nsd-notify - so that nsd-notify does not send
>> notifies itself but sends a trigger to a running daemon who
>> maintains list of "pending" notifications?  (Probably too
>> complicated for the daemon)
>>
>> Why nsd-notify does not detect ICMP errors which are being
>> returned by the operating system, and waits till timeout
>> expires?
> 
> I agree, and have brought this up in the past. I think it has
> not been considered a high priority item because the focus of
> nsd has been more on small sets of zones like TLDs. When you run
> 100 zones with nsd and you have a name server outage, all the
> notify delays cause significant problems. Or in our case, we always
> have some half broken test zones and test servers that are not
> working causing massive delays in the init scripts.
> 
> I think the nsd team also feels the separate nsd-notify is an
> obsolete feature, but I'm not sure if just restarting the daemon
> itself causes the built-in notify code to trigger.
> 
> I would be happy if nsd-notify provided a "fire and forget" option,
> even willing to write the patch :)
> 
> Paul

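Added example, not part of the original messages and not NSD's code: a Python sketch of the behaviour asked about in the quoted questions, sending one NOTIFY (RFC 1996) over a connected UDP socket so that ICMP errors reported by the operating system end the wait immediately instead of running into the timeout. The function names are hypothetical, it handles IPv4 only, and the two attempts with a 1-second timeout are taken from the suggestion in the quoted text.

```python
import secrets
import socket
import struct

NOTIFY_OPCODE = 4  # RFC 1996

def build_notify(zone: str, msg_id: int) -> bytes:
    """NOTIFY query: opcode 4, AA set, one question <zone> IN SOA."""
    header = struct.pack("!HHHHHH", msg_id, (NOTIFY_OPCODE << 11) | 0x0400, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in zone.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def is_notify_ack(reply: bytes, msg_id: int) -> bool:
    """Accept only a response (QR=1) with our ID, opcode NOTIFY and RCODE 0."""
    if len(reply) < 12:
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return (rid == msg_id and bool(flags & 0x8000)
            and (flags >> 11) & 0xF == NOTIFY_OPCODE and flags & 0xF == 0)

def send_notify(zone, host, port=53, attempts=2, timeout=1.0):
    """Return 'acked', 'unreachable' (ICMP error from the OS) or 'timeout'."""
    # Unpredictable ID, so a blindly spoofed acknowledgement is unlikely to match.
    msg_id = secrets.randbelow(1 << 16)
    packet = build_notify(zone, msg_id)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing, but it makes the kernel deliver ICMP
        # port/host-unreachable errors to this socket as OSError.
        s.connect((host, port))
        for _ in range(attempts):
            try:
                s.send(packet)
                if is_notify_ack(s.recv(512), msg_id):
                    return "acked"
            except socket.timeout:
                continue              # no answer within the timeout: retry
            except OSError:
                return "unreachable"  # e.g. ECONNREFUSED: stop waiting at once
    return "timeout"

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address (RFC 5737), used as a placeholder.
    print(send_notify("example.com", "192.0.2.1"))
```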


