Ip-address <-> control-interface

A_Schulze · February 13, 2021, 7:18pm

Hello NSD-Developers,

the "ip-address" statement accept an interface name. NSD will listen on ip-addresses associated with that interface.
That's nice.

But the same does not work for "control-interface". Is this intentional?

server:
ip-address: eth0
verbosity: 9
remote-control:
control-enable: yes
control-interface: eth1

[2021-02-13 20:11:25.801] nsd[104]: info: interface eth0 has address 192.0.2.53
[2021-02-13 20:11:25.801] nsd[104]: notice: nsd starting (NSD 4.3.5)
[2021-02-13 20:11:25.801] nsd[104]: notice: listen on ip-address 192.0.2.53@53 (udp) with server(s): *
[2021-02-13 20:11:25.801] nsd[104]: notice: listen on ip-address 192.0.2.53@53 (tcp) with server(s): *
[2021-02-13 20:11:25.804] nsd[104]: error: control interface eth1:8952 getaddrinfo: Name or service not known
[2021-02-13 20:11:25.804] nsd[104]: error: could not open remote control port
[2021-02-13 20:11:25.804] nsd[104]: error: could not perform remote control setup

Andreas

wtoorop · February 17, 2021, 6:50pm

Hi Andreas,

I don't think that difference was intentional.
I've created a PR to resolve it:

https://github.com/NLnetLabs/nsd/pull/156

Thanks for pointing it out!

Cheers,
-- Willem

A_Schulze · February 17, 2021, 11:06pm

Hi Willem,

that's cool. It enable docker-user to setup nsd to listen for control connection over a docker bridge with a non-deterministic ip network.
Can't say, it works because I've to modify my build-system (today I build nsd only from released tar.gz ...)

Andreas

A_Schulze · February 18, 2021, 4:26pm

Can't say, it works because I've to modify my build-system (today I build nsd only from released tar.gz ...)

now:

root@233ad0e3d5b6:/usr/local/etc/nsd# cat nsd.conf
server:
ip-address: 127.0.0.1@1025
verbosity: 9
remote-control:
control-enable: yes
control-interface: eth0

root@233ad0e3d5b6:/usr/local/etc/nsd# nsd
[2021-02-18 17:25:35.292] nsd[75]: info: interface eth0 has address 172.18.0.2
[2021-02-18 17:25:35.293] nsd[75]: notice: nsd starting (NSD 4.3.6)
[2021-02-18 17:25:35.293] nsd[75]: notice: listen on ip-address 127.0.0.1@1025 (udp) with server(s): *
[2021-02-18 17:25:35.293] nsd[75]: notice: listen on ip-address 127.0.0.1@1025 (tcp) with server(s): *

root@233ad0e3d5b6:/usr/local/etc/nsd# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN -
tcp 0 0 172.18.0.2:8952 0.0.0.0:* LISTEN -

But:
root@233ad0e3d5b6:/usr/local/etc/nsd# nsd-control status
could not parse IP: eth0

A_Schulze · February 18, 2021, 6:04pm

now I also see segfaults on TLS connections.

I nailed the segfaults down to
"verbosity: 5" works, but "verbosity: 6" segfault.

https://nlnetlabs.nl/documentation/nsd/nsd.conf/#verbosity mention only level 0..3
but the code also handle 6 or even 9

Is this commit related?
https://github.com/NLnetLabs/nsd/commit/255b54fe2cb506e2c958da08b85860c547364fd6

Andreas

A_Schulze · February 18, 2021, 6:30pm

https://nlnetlabs.nl/documentation/nsd/nsd.conf/#verbosity mention only level 0..3

the code use verbosity level from 0 ..3

but the code also handle 6 or even 9
https://github.com/NLnetLabs/nsd/commit/255b54fe2cb506e2c958da08b85860c547364fd6

here it is "6"

"9" was my fault. I missread
https://github.com/NLnetLabs/nsd/blob/master/remote.c#L2208
where it's the length of "verbosity"

I only noticed the segfault because I always run nsd with "verbosity: 9"
Maybe because valid level are somehow underspecified and not limited.

Andreas

Wouter · February 19, 2021, 7:56am

Hi Andreas,

But:
root@233ad0e3d5b6:/usr/local/etc/nsd# nsd-control status
could not parse IP: eth0

now I also see segfaults on TLS connections.

I nailed the segfaults down to
"verbosity: 5" works, but "verbosity: 6" segfault.

https://nlnetlabs.nl/documentation/nsd/nsd.conf/#verbosity mention only level 0..3
but the code also handle 6 or even 9

Is this commit related?
https://github.com/NLnetLabs/nsd/commit/255b54fe2cb506e2c958da08b85860c547364fd6

Yes, that commit did it! Thanks for noticing, fixed it in commit
https://github.com/NLnetLabs/nsd/commit/6518be5ccccd95b92cfad2cae8860e0d02f191d7

So that the new log local address feature has no NULL pointer when TLS
is in use.

Best regards, Wouter

wtoorop · February 24, 2021, 11:10pm

Hi Andreas,

Can't say, it works because I've to modify my build-system (today I build nsd only from released tar.gz ...)

now:

root@233ad0e3d5b6:/usr/local/etc/nsd# cat nsd.conf
server:
ip-address: 127.0.0.1@1025
verbosity: 9
remote-control:
control-enable: yes
control-interface: eth0

root@233ad0e3d5b6:/usr/local/etc/nsd# nsd
[2021-02-18 17:25:35.292] nsd[75]: info: interface eth0 has address 172.18.0.2
[2021-02-18 17:25:35.293] nsd[75]: notice: nsd starting (NSD 4.3.6)
[2021-02-18 17:25:35.293] nsd[75]: notice: listen on ip-address 127.0.0.1@1025 (udp) with server(s): *
[2021-02-18 17:25:35.293] nsd[75]: notice: listen on ip-address 127.0.0.1@1025 (tcp) with server(s): *

root@233ad0e3d5b6:/usr/local/etc/nsd# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN -
tcp 0 0 172.18.0.2:8952 0.0.0.0:* LISTEN -

But:
root@233ad0e3d5b6:/usr/local/etc/nsd# nsd-control status
could not parse IP: eth0

Ah! That was clumsy of me! Fixed in commit:

https://github.com/NLnetLabs/nsd/pull/156/commits/6b15fbeb

I'm preparing to look into the docker issues as well b.t.w.

Cheers,
-- Willem