NSD lost most part of zone

Peter_Andreev · March 29, 2012, 11:36am

Hello list,

I encountered weird problem with NSD 3.2.9. Suddenly it lost about 90% of zone. The configuration is following:

zone:
name: “example.com”
zonefile: “/srvs/nsd/etc/slave/example.com.S”
allow-notify: master1-ip xfrkey
request-xfr: UDP master1-ip xfrkey

allow-notify: master2-ip xfrkey
request-xfr: UDP master2-ip xfrkey
allow-axfr-fallback: “yes”
outgoing-interface: service-ip

allow-notify: 127.0.0.1 NOKEY

master1 and master2 are BIND servers, providing IXFR.

All was good yesterday, after “nsdc patch” NSD reported about ~7000000 records processed normally.
Today I got:
zonec: processed 621379 RRs in “example.com”.

Did somebody meet the same problem? Any ideas how to solve and not meet this problem again?

Wouter · March 29, 2012, 12:43pm

Hi Peter,

Were you out of disk-space (so, the file was truncated) ? Did the
computer reset during the nsd-patch zone write or something like that?

Otherwise, do you have the last changes (ixfr.db, nsd.db, ... other
unnatural incidents) for debug analysis?

Best regards,
Wouter

Peter_Andreev · March 29, 2012, 1:13pm

2012/3/29 W.C.A. Wijngaards <wouter@nlnetlabs.nl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Peter,

Were you out of disk-space (so, the file was truncated) ? Did the
computer reset during the nsd-patch zone write or something like that?

No for both questions.

Otherwise, do you have the last changes (ixfr.db, nsd.db, … other
unnatural incidents) for debug analysis?

I made a lot of “update-rebuild-patch” trying to retransfer full zone, so these files are changed heavily.
Another unnatural incident is that when I do “nsdc patch”, NSD says “warning: slave zone example.com with no zonefile ‘/srvs/nsd/etc/slave/example.com.S’(No such file or directory) will force zone transfer.” but no file appearing, neither right after command issued, nor after some time passed.

ls -l /srvs/nsd/etc

total 16
drwxr-xr-x 2 apn dns 512 Mar 27 11:59 RCS
-r–r–r-- 1 apn dns 7479 Mar 27 11:59 nsd.conf
drwxrwxr-x 2 bind dns 512 Mar 29 14:52 slave

NSD is running under bind user.

df -h

Filesystem Size Used Avail Capacity Mounted on
/dev/da0p2 1G 587M 339M 63% /
devfs 1.0k 1.0k 0B 100% /dev
/dev/da0p4 9.9G 32M 9.0G 0% /home
/dev/da0p5 39G 128M 36G 0% /srvs
/dev/da0p6 39G 32M 36G 0% /srvs/named/var/log
/dev/da0p7 4G 32M 3.6G 1% /tmp
/dev/da0p8 9.9G 32M 9.0G 0% /usr/BSD
/dev/da0p9 9.9G 139M 8.9G 2% /usr/local
/dev/da0p10 7.9G 34M 7.2G 0% /var

OS - FreeBSD 64bit.

Vicky_Shrestha · March 30, 2012, 1:09am

Hello list,

I encountered weird problem with NSD 3.2.9. Suddenly it lost about 90% of zone. The configuration is following:

zone:
        name: "example.com"
        zonefile: "/srvs/nsd/etc/slave/example.com.S"
        allow-notify: master1-ip xfrkey
        request-xfr: UDP master1-ip xfrkey

        allow-notify: master2-ip xfrkey
        request-xfr: UDP master2-ip xfrkey
        allow-axfr-fallback: "yes"
        outgoing-interface: service-ip

        allow-notify: 127.0.0.1 NOKEY

master1 and master2 are BIND servers, providing IXFR.

All was good yesterday, after "nsdc patch" NSD reported about ~7000000 records processed normally.
Today I got:
zonec: processed 621379 RRs in "example.com".

Did somebody meet the same problem?

Yes we did , but we were unable to reproduce the problem.

Any ideas how to solve and not meet this problem again?

Testing with 3.2.10 , so far no problems.

--
AP
_______________________________________________
nsd-users mailing list
nsd-users@NLnetLabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

Regards,

Vicky Shrestha

Matthijs_Mekking · March 30, 2012, 7:55am

Hi,

NSD 3.2.9 introduced a flaw in zone transfer, which reduces the speed of the transfer greatly. I would recommend upgrading to 3.2.10, like Vicky suggested.

Best regards,
Matthijs

Peter_Andreev · March 30, 2012, 8:45am

2012/3/30 Matthijs Mekking <matthijs@nlnetlabs.nl>

Hi,

NSD 3.2.9 introduced a flaw in zone transfer, which reduces the speed of the transfer greatly. I would recommend upgrading to 3.2.10, like Vicky suggested.

Best regards,
Matthijs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello list,

I encountered weird problem with NSD 3.2.9. Suddenly it lost about 90% of zone. The configuration is following:

zone:
name: “example.com”
zonefile: “/srvs/nsd/etc/slave/example.com.S”
allow-notify: master1-ip xfrkey
request-xfr: UDP master1-ip xfrkey

allow-notify: master2-ip xfrkey
request-xfr: UDP master2-ip xfrkey
allow-axfr-fallback: “yes”
outgoing-interface: service-ip

allow-notify: 127.0.0.1 NOKEY

master1 and master2 are BIND servers, providing IXFR.

All was good yesterday, after “nsdc patch” NSD reported about ~7000000 records processed normally.
Today I got:
zonec: processed 621379 RRs in “example.com”.

Did somebody meet the same problem?

Yes we did , but we were unable to reproduce the problem.

Any ideas how to solve and not meet this problem again?

Testing with 3.2.10 , so far no problems.

–
AP

nsd-users mailing list
nsd-users@NLnetLabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

Regards,

Vicky Shrestha

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iQEcBAEBAgAGBQJPdQe7AAoJEGi4SIJCvhMLcnIH/jJbeSwfQ0XjoXBG55Te1fsd
Gqry1d5TMwzVb3y4ZPLEmwAgZnVN/vIyNIlrdwMmqmV1cERiVsVoMK+kwmBKasLr
iaGwRH9WsjjP15SU6FNNaqHZ4Lf94jXq+uoEhUjH5d1NDejvIVBn/aTKlRlfnD54
M1yonaqaHE4LeqI4YiDqVvYTo2NW+U2AkQW1kEERiJuDeFr4fl39pocF8wq+zhir
Q/oWsZ7S/F8AM2NfrgDDjQBApV2Z4LR/ybxcgjewjswo+83EqgGbCkkDZEU/AARw
adw3u1ofFYu/QMNNxYKt7/4F4rDK49MucxO5RpWSJpUPToOfJM1e3fyef9CecQc=
=g/oD
-----END PGP SIGNATURE-----

nsd-users mailing list
nsd-users@NLnetLabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

Matthijs, Vicky, thank you!

Upgraded to 3.2.10.