Build all NSD features by default

Hello NSD developers,

The new release candidate of NSD, with the new prometheus metrics feature, got me thinking about NSD’s feature set, and how so many of its features have to be enabled at compile time. The result of this is that NSD packages on various operating systems behave differently. I would like to propose that you adjust the build process to compile in all the features of NSD, and default them to “off”, so that operators can enable the features they need in the nsd.conf configuration file. My longer rationale follows.

Let’s take the “dnstap” feature, for example. On the Debian/Ubuntu builds, it is enabled. However, it’s not enabled in Fedora EPEL (and thus not available in Fedora, RedHat, CentOS and all the RedHat derivatives) nor in Homebrew (macOS).

Another feature, “rate-limit”, is enabled in both the Debian family builds as well as Fedora EPEL, but not in Homebrew. This feature also exposes the inconsistency in the documentation. The man page of nsd.conf has all the “dnstap” options described, noting that they only apply if “dnstap” has been compiled in. But for rate limiting, it’s confusing, at the very least. If RRL is compiled in, then the man page describes all the options. However, if RRL is not compiled in, then many (but not all) of the options are omitted from the man page. Some RRL options appear here and there randomly, in relation to other options such as “xfrd-tcp-max”, “refuse-any” and “answer-cookie”. A user of macOS, with nsd installed from Homebrew, reading the nsd.conf man page, would be quite confused.

Fedora user: hey, you can enable rate limiting
macOS user: okay, but how? The man page of nsd.conf doesn’t give any examples.
Fedora user: seriously? are you sure you have the latest version? 4.11.1?
macOS user: yes, I am certain that I have 4.11.1 installed.
Fedora user: and the nsd.conf man page doesn’t mention any “rrl” options?
macOS user: well, it does mention some options. If I search for “rrl”, I see some options, including a pointer to the “rrl-ratelimit” section, but it’s just not there.
Fedora user: what? seriously? are you sure you compiled with “--enable-rate-limit”
macOS user: compiled? No, I installed the nsd package from Homebrew. Are you saying I need to compile it myself just to enable the rate-limit feature?
Fedora user: yeah, you can download the source, and compile it yourself, and fine-tune nsd exactly as you like. You can also enable some other features like X and Y.
macOS user: groan. I just wanted to quickly install and use the software, not faff around with configure scripts, makefiles and all these enable/disable options.

Over the years, as NSD has acquired more and more features, some have been randomly compiled in by default, and others left out, to be enabled at compile time. Most software that I know of, just includes all the features, to be turned on in the configuration file. The documentation is also consistent. If a certain feature is not available on a certain OS, then of course it cannot be compiled in, but this is rare.

I understand that some features, when newly introduced, may need to be compile-time options, because they might depend on unstable libraries or need testing. But eventually, such features should just become standard as well.

What do other users think of this?

Regards,
Anand Buddhdev
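For an operator in the position of the macOS user above, the practical question is what the installed package was actually built with. The following is an added example, not part of Anand’s post or of NSD itself; it assumes that `nsd -v` prints a `Configure line:` in its output (verify this against your own build) and uses a constructed sample of that output so it runs offline. Note the caveat in the comments: a feature that is on by default in a given NSD version never shows up as an explicit `--enable-*` flag, so this only reports what the packager set explicitly.

```shell
#!/bin/sh
# Added example: report which compile-time features an installed nsd was
# built with, by inspecting the "Configure line:" that `nsd -v` prints.
# Assumption: your nsd build prints such a line (check `nsd -v` yourself).
#
# Real usage:  nsd_v_output=$(nsd -v 2>&1); feature_status "$nsd_v_output" ratelimit

# Constructed sample of `nsd -v` output for offline testing. This is NOT
# real output from any particular package; only the shape matters.
SAMPLE_NSD_V='NSD version 4.11.1
Written by NLnet Labs.

Configure line: ./configure --prefix=/usr --with-configdir=/etc/nsd --enable-ratelimit
Libraries: libevent 2.1.12-stable openssl 3.0.13'

# Print the configure line from `nsd -v` output (empty if there is none).
configure_line() {
    printf '%s\n' "$1" | sed -n 's/^Configure line: //p'
}

# Print "enabled" or "disabled" for a feature, based on whether the configure
# line carries an explicit --enable flag for it.
#   $1: full `nsd -v` output   $2: feature name (ratelimit | dnstap)
# Caveat: if a feature is on by default in your NSD version, the packager
# did not need to pass --enable-*, and this reports "disabled". Treat
# "disabled" as "not explicitly enabled" and confirm in the nsd.conf man page.
feature_status() {
    _cfg=$(configure_line "$1")
    case "$2" in
        # glob covers both spellings seen in the wild: ratelimit / rate-limit
        ratelimit) _pat='--enable-rate*limit' ;;
        dnstap)    _pat='--enable-dnstap' ;;
        *) echo unknown; return 2 ;;
    esac
    # Surround with spaces so the flag must be a whole word, not a prefix.
    case " $_cfg " in
        *" "$_pat" "*) echo enabled ;;
        *)             echo disabled ;;
    esac
}

# Stand-alone run over the constructed sample.
for f in ratelimit dnstap; do
    printf '%-10s %s\n' "$f" "$(feature_status "$SAMPLE_NSD_V" "$f")"
done
```

For the sample above this prints `ratelimit enabled` and `dnstap disabled`; on a real system replace `SAMPLE_NSD_V` with the captured output of `nsd -v`.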

Hi all!

I agree. I use nsd on Debian VPS, but I git cloned and compiled just to have
everything the way I like it. (And of course Debian ships with an older
version anyways unless I add testing or unstable repositories and pin a
specific version.) Thanks for asking.

Hi,

I think Anand’s suggestion sounds like a good idea.

However, as we’re using NSD primarily on Ubuntu, we currently need to compile it ourselves anyway - the official Ubuntu packages are prehistorical. So: What I’d really like to see are nlnetlabs-built NSD packages for Ubuntu. And I imagine other users would want to see similar packages for Debian etc. :)

Indeed, Debian/Ubuntu repos with an up-to-date version would be great (just like ISC, PowerDNS and Knot provide them)
thanks
Klaus

hi,

I do agree with both Anand (default-on at compile time as much as possible) and Klaus (nsd debian repos by NLnetlabs).
(Recently got burned by using the version in debian stable
which has the ixfr bug https://packages.debian.org/bookworm/nsd = v4.6).

Regards,
  Tamás

> I would like to propose that you adjust the build process to compile in
> *all* the features of NSD, and default them to "off", so that operators
> can enable the features they need in the nsd.conf configuration file.

Best suggestion ever, Anand, and I would very much hope other DNS server brands
follow suit if/when technically possible.

  -JP