This version has a fix for a bug in resigning zones with different NSEC3
salt, where NSD would not pick up the NSEC3PARAM record, and serve
answers that omit NSEC3 records. NSD is now lenient and when
NSEC3PARAMs exist that point to nonworking NSEC3 chains, NSD attempts to
find an alternative NSEC3PARAM with NSEC3 records.
It is possible to use nsd-control over a command pipe, without using
TLS, by setting the name of the control socket file. Access permissions
on that file then act as the access control. No TLS is used, because it
is not network traffic, and this is likely faster.
Also systemd support is added for readiness signalling. Enabled with
use-systemd: yes.
I've built this version on CentOS 7. It builds and runs.
> It is possible to use nsd-control over a command pipe, without using
> TLS, by setting the name of the control socket file. Access permissions
> on that file then act as the access control. No TLS is used, because it
> is not network traffic, and this is likely faster.
I've tried this feature, and it works. I've noticed that NSD doesn't
remove the control socket file on exit, but this probably isn't a big
deal. In some situations, NSD may not be able to remove the file anyway,
so there's probably no sense in adding code to clean up.
> Also systemd support is added for readiness signalling. Enabled with
> use-systemd: yes.
NSD 4.1.24rc1 pre-release is available for download
compiled without warnings and deployed on some lab systems...
> It is possible to use nsd-control over a command pipe, without using
> TLS, by setting the name of the control socket file. Access permissions
> on that file then act as the access control. No TLS is used, because it
> is not network traffic, and this is likely faster.
The code tries to identify the socket type by some assumptions:
-> starts with '/' -> unix-socket
-> contains ':' -> IPv6 address
-> contains '.' -> IPv4 address
It would be clearer and give more options if NSD wouldn't "guess".
(Think: somebody wants to use a relative path ...)
NSD (and unbound as well) could require sockets specified as "<typ>:<value>"
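
The heuristic listed in the message above, written out beside an explicit `<type>:<value>` parser, as an added example (not NSD's code and not part of the original post). The type names `unix`, `ip4`, `ip6` and all function names are assumptions, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

enum kind { KIND_UNKNOWN, KIND_UNIX, KIND_IP6, KIND_IP4 };

/* Guessing rules in the order the message lists them. */
enum kind guess_kind(const char *s)
{
    if (s[0] == '/') return KIND_UNIX;
    if (strchr(s, ':')) return KIND_IP6;
    if (strchr(s, '.')) return KIND_IP4;
    return KIND_UNKNOWN;
}

/* Hypothetical explicit form "<type>:<value>" (type names are assumed).
 * On success *value points at the text after the first ':'. */
enum kind parse_explicit(const char *s, const char **value)
{
    static const struct { const char *tag; enum kind k; } tags[] = {
        { "unix", KIND_UNIX }, { "ip6", KIND_IP6 }, { "ip4", KIND_IP4 },
    };
    const char *colon = strchr(s, ':');
    size_t i, n;

    *value = NULL;
    if (!colon || colon[1] == '\0') return KIND_UNKNOWN;
    n = (size_t)(colon - s);
    for (i = 0; i < sizeof tags / sizeof tags[0]; i++)
        if (strlen(tags[i].tag) == n && strncmp(s, tags[i].tag, n) == 0) {
            *value = colon + 1;
            return tags[i].k;
        }
    return KIND_UNKNOWN; /* no silent fallback to guessing */
}

int main(void)
{
    static const char *names[] = { "unknown", "unix", "ip6", "ip4" };
    /* Constructed samples: the relative path is guessed as IPv4 because of its '.' */
    const char *guessed[] = { "/var/run/nsd.ctl", "::1", "127.0.0.1", "run/nsd.ctl" };
    const char *v;
    size_t i;

    for (i = 0; i < sizeof guessed / sizeof guessed[0]; i++)
        printf("guess    %-18s -> %s\n", guessed[i], names[guess_kind(guessed[i])]);
    printf("explicit %-18s -> %s\n", "unix:run/nsd.ctl",
           names[parse_explicit("unix:run/nsd.ctl", &v)]);
    return 0;
}
```
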
> This version has a fix for a bug in resigning zones with different NSEC3
> salt, where NSD would not pick up the NSEC3PARAM record, and serve
> answers that omit NSEC3 records. NSD is now lenient and when
> NSEC3PARAMs exist that point to nonworking NSEC3 chains, NSD attempts to
> find an alternative NSEC3PARAM with NSEC3 records.
> It is possible to use nsd-control over a command pipe, without using
> TLS, by setting the name of the control socket file. Access permissions
> on that file then act as the access control. No TLS is used, because it
> is not network traffic, and this is likely faster.
> Also systemd support is added for readiness signalling. Enabled with
> use-systemd: yes.
configure: error: systemd enabled but need pkg-config to configure for
it, also, run aclocal before autoconf, or run autoreconf to include
pkgconfig macros
It seems this was only tested on debian/ubuntu?
I looked at systemd.m4 (but I have childhood nightmares about m4).
rhel/fedora/centos does not have libsystemd, only systemd-libs and
systemd, but my attempts to hack this without needing to rerun autoreconf
failed. So for now, I'm adding a dependency on autoconf to our
package.