NSD 4 beta 5

Hi,

The new beta for NSD4 is available, NSD 4.0.0b5:
http://nlnetlabs.nl/downloads/nsd/nsd-4.0.0b5.tar.gz
SHA1 57febff2dc41841b2b0c19917d9e8b1bdf4b55c0
SHA256 e949c9406562ace1c158a53a53cc4bbf57a6861bd55d5c72373be844ddddb2ac

This software is in beta. This version fixes a number of important
bugs, and smaller bugs, found in the beta phase. The software has
also been optimised.

The beta5 version uses about 45% of the memory that beta4 used. Disk
access speed has improved, and also queries per second, UDP and TCP,
have improved, mostly with responses handled at a spike in the load.

Bug fixes have been merged with NSD 3.2.16. NSD 4.0.0b5 contains the
RRL ratelimiting implementation (configure with --enable-rate-limit).

FEATURES:
- - Optimizations for startup, qps and tcp speed, beta bug fixes and
  merge with code changes with NSD 3.2.16.
- - nsd-mem tool (make nsd-mem) to estimate memory usage.
- - Same as NSD 3.2.16: --enable-draft-rrtypes(EUI48, EUI64), rrl-slip,
  rrl-ipv[46]-prefix-length, ip-transparent config options.
- - configure option --disable-flto.
- - improved RRL logging (query details that caused blockage).
- - nsd-control status prints out ratelimit if ratelimit is enabled.
- - nsd-control verbosity prints out verbosity level without argument.
- - Fix #491: pick program name (of executable) as syslog identity.
- - printout percentage for long activities (to log). After about 5
  seconds have passed.

BUG FIXES:
- - The same fixes up to NSD 3.2.16.
- - Fix that old zonefile does not override newer AXFR for slave zones.
- - Nicer printout of notify.
- - Fix tcp zonetransfer pipeline lookup function.
- - Fixup the growth and shrinkage of nsd.db. This should use less
  calls to remap and change the file and mmap size.
- - notify information is logged at correct verbosity level, 1.
- - Fix memory statistics in nsd_munin_.
- - faster nsec3 updates.
- - Fixup contrib/bug390.patch for 4.0.0b4.
- - remove leak of nsec3.
- - allocate radixtree in region for small (5%) total savings and
  about 15% savings in the radixtree itself (due to many small alloc
  savings in region).
- - Patch from Lukas Wunner that makes nsd.conf include files work
  inside chroot/etc environments on repattern and reconfig.
- - Fix race on exit of nsd, for restarts, so that the pidfile-pid
  process waits until port53 has been closed before exiting.
- - Patch from Lukas Wunner that makes chroot more consistent.
  Make all paths absolute with the chrootdir in front, or use
  an absolute zonesdir with other paths relative to that.
- - Fix segfault on repeated reconfigs, double free of zone apex name.
- - Fix zone parser allocations are put in the db region.
- - Fix memory leak in zone parser for txt record.
- - Optimizations: -O3 if possible (user can override CFLAGS), udp
  buffers are set to 1m by default (if socket options exist),
  use recvmmsg and sendmmsg, or only recvmmsg, or recvfrom.
- - nsd.db 12% smaller, no nsec3 hash storage. Also ups udb version
  because of the format change. The nsd.db is recreated when a
  different version number is detected on startup.
- - Fix region-allocator for speedup of load and change of large data.
- - Increase tcpbacklog default to 256 (silently capped to 128 on BSD).
  For remote control keep it at 16, it has less TCP load.
  It does not actually increase TCP performance (some except), but
  reduces connection loss when there is a spike in TCP connections.
- - unlink xfr file if transfer is stopped, timeouted or interrupted.
  And unlink xfr file in progress when the zone is deleted.

Best regards,
   Wouter

Hello,

The new beta for NSD4 is available, NSD 4.0.0b5:
http://nlnetlabs.nl/downloads/nsd/nsd-4.0.0b5.tar.gz

I ran into a segfault on my OpenBSD based box. The problem seems to
arise when running with chroot and not having a logfile set:

# gdb /usr/local/sbin/nsd nsd.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd5.3"...
Core was generated by `nsd'.
Program terminated with signal 11, Segmentation fault.
Loaded symbols for /usr/local/sbin/nsd
Reading symbols from /usr/lib/libssl.so.19.0...done.
Loaded symbols for /usr/lib/libssl.so.19.0
Reading symbols from /usr/lib/libcrypto.so.22.0...done.
Loaded symbols for /usr/lib/libcrypto.so.22.0
Reading symbols from /usr/lib/libevent.so.3.1...done.
Loaded symbols for /usr/lib/libevent.so.3.1
Reading symbols from /usr/lib/libc.so.66.2...done.
Loaded symbols for /usr/lib/libc.so.66.2
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0 0x00000e3f40540a50 in main (argc=Variable "argc" is not available.
) at ./nsd.c:1015
1015 if (nsd.log_filename[0] == '/')
(gdb) print nsd.log_filename
$1 = 0x0

I worked around this with the following diff:

--- nsd.c.orig Tue Jul 16 19:46:43 2013
+++ nsd.c Tue Jul 16 19:47:34 2013
@@ -1012,8 +1012,10 @@

     /* strip chroot from pathnames if they're absolute */
     nsd.options->zonesdir += l;
- if (nsd.log_filename[0] == '/')
- nsd.log_filename += l;
+ if (nsd.log_filename){
+ if (nsd.log_filename[0] == '/')
+ nsd.log_filename += l;
+ }
     if (nsd.pidfile[0] == '/')
       nsd.pidfile += l;
     if (nsd.dbfile[0] == '/')

Regards,
Patrik Lundin

I ran into a segfault on my OpenBSD based box.

I got segfaults too.

The problem seems to arise when running with chroot
and not having a logfile set:

same condition here. will try the patch and report ...

Andreas

Hi Patrik,

Thank you for the patch. This code is new in beta5 to make chroot
easier to config.

Best regards, Wouter

the patch solved the segfault problem.
4.0.0b5 now serve my private domains