NSD 2.3.6 release

NSD
1

Hi,

The fixes we have been making to 3.0.x after testing and deployment have been backported to the 2.3.x branch. Thus the 2.3.6 release.

Quick download link:
http://www.nlnetlabs.nl/downloads/nsd/nsd-2.3.6.tar.gz
SHA-1:

35924540e51ac67150c6bdee6e6f1e411c44ab88

Most important to stress here is to note that the network behaviour is

different: NSD sets the flags more cleanly. When there is a format error (total garbage on input or unknown opcodes, ...), NSD will now clear flags it did not clear before. Also it clears the TC flag (please don't send this garbage to the tcp port next). On authoritative answers, NSD now clears the CD bit according to RFC 4034/4035. This has a side effect of making NSD wire packets closer to answers from Bind9.

The parallel axfr makefile patch from Stephane is in contrib. It allows you to perform zone transfers in parallel with NSD 2.3.x.

Another interesting fix is that when no ip-addresses are specified in config, NSD will not fail if IP6 is not present but IP4 is present. The lack of IP6 sockets would be a fatal error on startup before. This helps package nsd for a variety of machines more easily.

Asked for on this list, the stats resynchronisation to whole periods is in this release too.

To repeat, all these bugs are also fixed in 3.0.1 or scheduled for a 3.0.2 release. This is part of the ongoing support for NSD2 by the NSD team.

And various more fixes for bugs that have been found (but not in new functionality of 3.0). Here is the release notes entry.
        - nsd-notify will retry max 15 times 5 second retries.
        - Bug #105: nsdc lacks locking, fixed locking for root user.
        - Bug #134: nsd: make -N <large number> work again
        - Bug #135: Typo in locking code for nsdc, fixed.
        - uninitialised variable (found in nsd3 debugging) fixed.
        - unaligned memory access (on Solaris SPARC, from nsd3 debugging),
          in zonec LOC parsing, fixed.
        - removed unused named8_stats ptr.
        - Bug #138: nsd aborts trying to bind all interfaces if ip6 is not
          enabled, instead it will fallback to ip4.
        - Bug #139: resync stats to whole period.
        - Bug #140: NSD did not clear CD bit on authoritative answers.
        - Bug #141: NSD did not clear flags on a formerror reply.
        - tsig null ptr when size set, fixed.
        - Bug #144: LOC RRtype defaults not according to RFC1876.

Best regards,
   Wouter

2

Thanks. I'm working on the Fedora package, and noticed on i686 with gcc 4.1.1:

  util.c: In function 'log_file':
  util.c:94: warning: format '%d' expects type 'int', but argument 4 has type 'time_t'

A cast to int like in nsd-3.0.0 fixed that.

  zlexer.c: In function 'yylex':
  zlexer.lex:268: warning: ignoring return value of 'fwrite', declared with attribute warn_unused_result

fwrite returns int, not void. I changed the ECHO macro and used a variable
to store results (which is never used).

  zonec.c: In function 'zparser_conv_time':
  zonec.c:130: warning: implicit declaration of function 'strptime'

This one I am confused about. The man page tells me I would just need to

#include <stdio.h>
#define _XOPEN_SOURCE /* glibc2 needs this */
#include <time.h>

The includes are already there, and the define makes no difference. I'm not
sure why we get this warning.

  zonec.c: In function 'zparser_conv_loc':
  zonec.c:664: warning: ignoring return value of 'strtol', declared with attribute warn_unused_result

I just stored the result in "i", as it was an unused variable at this point.
Probably not the right fix.

nsd-xfer.c: In function 'print_rr':
nsd-xfer.c:459: warning: ignoring return value of 'fwrite', declared with attribute warn_unused_result

Fix similar like before.

On x86_64, it seems the linker is trying some default /usr/lib (which is
wrong and should be /usr/lib64, as specified with --libdir)

gcc -O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -m64 -mtune=nocona -L/usr/lib -o nsd answer.o axfr.o buffer.o dbaccess.o dname.o dns.o edns.o namedb.o netio.o nsd.o packet.o plugins.o query.o rbtree.o rdata.o region-allocator.o server.o tsig.o tsig-openssl.o util.o b64_pton.o b64_ntop.o -lwrap -lcrypto -lnsl -ldl
/usr/bin/ld: skipping incompatible /usr/lib/libnsl.so when searching for -lnsl
/usr/bin/ld: skipping incompatible /usr/lib/libnsl.a when searching for -lnsl
/usr/bin/ld: skipping incompatible /usr/lib/libdl.so when searching for -ldl
/usr/bin/ld: skipping incompatible /usr/lib/libdl.a when searching for -ldl
/usr/bin/ld: skipping incompatible /usr/lib/libc.so when searching for -lc
/usr/bin/ld: skipping incompatible /usr/lib/libc.a when searching for -lc

So something is going wrong with a hardcoded /usr/lib somewhere.

Paul

3

Attached the diff this time :slight_smile:

Paul

(attachments)

nsd-2.3.6.diff (4.62 KB)