This update for NSD 4 has bug fixes and a couple options (bigger TSIG
hashes, add long lists of zones more easily).
FEATURES:
- nsd-control addzones and delzones read list of zones from stdin.
- hmac sha224, sha384 and sha512 support, patch from David Gwynne.
- max-interfaces raised to 32.
BUG FIXES:
- Fix #665: when removing subdomain, nsd does not reparse parent zone.
- Fix task and zonestat files to be stored in a subdirectory in tmp
  to stop privilege elevation.
- Fix crash in zone parser for relative dname after error in origin.
- Fix that formerrors are ratelimited.
been running on ns0.nohats.ca for two days without any visible problems.
(including serving CDS records)
FEATURES:
- nsd-control addzones and delzones read list of zones from stdin.
- hmac sha224, sha384 and sha512 support, patch from David Gwynne.
- max-interfaces raised to 32.
You mean max-ips?
We always compile with --with-max-ips=1024 due to some demands in the
fields for much higher maximums. Any reason to put the default limit
so low?
been running on ns0.nohats.ca for two days without any visible problems.
(including serving CDS records)
FEATURES:
- nsd-control addzones and delzones read list of zones from stdin.
- hmac sha224, sha384 and sha512 support, patch from David Gwynne.
- max-interfaces raised to 32.
You mean max-ips?
That is right. --with-max-ips determines the number of "interface:"
entries in the config
We always compile with --with-max-ips=1024 due to some demands in the
fields for much higher maximums. Any reason to put the default limit
so low?
I believe the value 32 is a safety measure. pselect is (still) used for
nsd inter-process communications (over anonymous sockets). With a high
number of interfaces, the chance of higher-numbered file descriptors
(numbers > FD_SETSIZE) becomes larger.
(see also https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=639 )
I'll review thoroughly the coming two weeks and return to you with a
more precise answer.
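
The FD_SETSIZE concern raised in the reply above, as an added example that is not part of the thread and is not NSD's code: a guard that refuses descriptors that do not fit in an fd_set before pselect is called on them. The helper names checked_fd_set, wait_readable and ipc_demo are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not NSD code): add fd to the set only when it is a
 * valid fd_set index. FD_SET() with fd >= FD_SETSIZE writes outside the set. */
static int checked_fd_set(int fd, fd_set *set, int *maxfd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, set);
    if (fd > *maxfd) *maxfd = fd;
    return 0;
}

/* Wait with pselect until fd is readable: 1 = readable, 0 = timeout,
 * -1 = error, or fd cannot be represented in an fd_set. */
static int wait_readable(int fd, long timeout_ms)
{
    struct timespec ts = { timeout_ms / 1000, (timeout_ms % 1000) * 1000000L };
    fd_set rfds;
    int maxfd = -1, r;
    FD_ZERO(&rfds);
    if (checked_fd_set(fd, &rfds, &maxfd) != 0)
        return -1;
    r = pselect(maxfd + 1, &rfds, NULL, NULL, &ts, NULL);
    return r < 0 ? -1 : (r > 0 && FD_ISSET(fd, &rfds));
}

/* Constructed demo: IPC over an anonymous socket pair. Returns 1 when the
 * idle socket times out and the written-to socket is reported readable. */
static int ipc_demo(void)
{
    int sv[2], idle, ready;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    idle = wait_readable(sv[0], 10);
    ready = write(sv[1], "x", 1) == 1 ? wait_readable(sv[0], 1000) : -1;
    close(sv[0]); close(sv[1]);
    return idle == 0 && ready == 1;
}

int main(void)
{
    printf("ipc=%d oversized=%d\n", ipc_demo(), wait_readable(FD_SETSIZE, 1));
    return 0;
}
```

Without the range check, a descriptor numbered FD_SETSIZE or higher makes FD_SET modify memory past the end of the fd_set, which is why a server that opens many listening sockets before its IPC sockets has to either cap the count or check every descriptor.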