Hello,
Does anybody know when NSD 4.0 will be released?
Thank you,
Pavel
Does anybody know when NSD 4.0 will be released?
When it's ready? 
-JP
Hello Pavel,
We are currently shifting priorities in order to crank up the work on NSD4.0 it is not very likely that you will see a production release before end of year, albeit not impossible either.
During the development process working snapshots (working, but with limited functionality) will be published in SVN (See http://www.nlnetlabs.nl/svn/nsd/tags/ ). Obviously these snapshots are for the daring among you who want to help us test in real world environments.
Currently we are at snapshot 5. Now that might not mean a lot but we have accomplished a few things:
- Performance increase with radixtree and more optimal compilation.
- UDB on disk, removal of zonec. This means using editable disk database with mmap.
- NSEC3 prehash incremental
- Patterns, new config file structures to manage many zones
- Control, SSL remote control: output statistics, force zone transfer, add and remove zones.
The above is a cut-n-paste from internal notes and may not mean very much. However, while maintaining the (stable) NSD3 query logic we improved performance and added features that folk have been waiting for: Addition and removal of zones without the need of a restart.
If you are daring to run the snapshot we appreciate any feedback you may have.
Keep you posted,
–Olaf
|
NLnet |
Olaf M. Kolkman |
|
|
Science Park 400, 1098 XH Amsterdam, The Netherlands |
||
:
:During the development process working snapshots (working, but with limited functionality) will be published in SVN (See http://www.nlnetlabs.nl/svn/nsd/tags/ ). Obviously these snapshots are for the daring among you who want to help us test in real world environments.
:
:Currently we are at snapshot 5. Now that might not mean a lot but we have accomplished a few things:
:
Hi Olaf
Do you consider the snapshots stable enough to run for small production
servers? Obviously not the missing features, but the ones that are
in-tree and exposed via the normal configuration.
I am primary for 5 smallish domains, and backup for another 20; but I
don't want to cause huge problems for them.
Do you consider the snapshots stable enough to run for small production
servers? Obviously not the missing features, but the ones that are
in-tree and exposed via the normal configuration.
They compile, pass rudimentary (regression) tests. But, they may not have yet had the benefits of a code review by a 2nd programmer, our complete pre-release tests, and may not be fully documented.
I am primary for 5 smallish domains, and backup for another 20; but I
don’t want to cause huge problems for them.
I will not give you guarantees but if NSD4 with the current features suits you better than NSD3 you might want to give it a try and share your experiences.
–Olaf
|
NLnet |
Olaf M. Kolkman |
|
|
Science Park 400, 1098 XH Amsterdam, The Netherlands |
||
Hi Olaf,
Thank you for your answer and sorry for my late reply. I saw your reply on Peter’s question and i might actually start using this last snapshot on one of our nameservers and will monitor it to see how it works. It should be a good test because we get between 40 and 50 millions queries in 24 hours on each of our name servers and have a relatively big number of domains served. What prevented us from using NSD 3 is that it needs to be restarted when adding/removing zones and adding/removing zones happens relatively often on our nameservers. Where can i find the docs on how to add/remove zones on the fly?
Thank you,
Pavel
Hi Pavel,
This is a little brief, below, there is more documentation here:
man nsd-control.
nsd-control -h for a summary.
man nsd.conf (for patterns, remote-control).
nsd.conf.sample for samples.
note that nsd.db changes file format from NSD3 to NSD4.
the nsd process needs to write to zonelistfile: "/var/db/nsd/zone.list"
this is where it stores the list of zones between restarts.
Generate the keys it needs and run
$ nsd-control-setup
and enable it in nsd.conf with
remote-control:
control-enable: yes
then define a pattern in the nsd.conf (much like a zone, but starts
with pattern: and applies to a group of zones), e.g.
pattern:
name: "master"
zonefile: "master/%s.zone".
The config file is backwards compatible for zone statements, you can
have 'hardcoded' zones in there in the old syntax.
then
$ nsd-control addzone example.com master
then you forgot to edit master/example.com.zone, and need to do
$ nsd-control reload example.com
(or just "reload" that checks modification times on all zonefiles).
$ dig @localhost example.com
$ nsd-control delzone example.com
zonec does not exist in NSD4 (part of the daemon, just 'reload' after
changing the file). nsdc is gone. This milestone (perhaps no longer
needed for the final version, I am working on this now 
) needs rm
/var/db/nsd/ixfr.db as daily cronjob instead of nsdc patch. And
nsd-control write if you want to also have the zonefiles written for
slave zones.
Best regards,
Wouter
Hello everyone,
Maybe it's a silly question but here it goes. Where can I find NSD4?
I would like to give it a test drive. Thank you.
Cheers and Goodwill,
_e
Hi Valentin,
on the nlnetlabs svn repository: http://www.nlnetlabs.nl/svn/nsd
and more specifically for the latest NSD4 tag: http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_0_0_imp_5/
My experience with NSD 4 imp 5: faster than NSD 3 (about 10-15% in my case) in master mode.
In slave mode it wouldn't load the zone (>1M records), it would loop through AXFR cycles.
Wouter is already aware of it, but we haven't exchanged the zone yet to investigate it deeper.
Since we don't need the dynamic zones for the moment on those servers we will run NSD3 until all the small NSD4 bumps get ironed out.
We will of course continue to test NSD4, and report any issue to nlnetlabs.
Br,
Thomas
Hi Olaf,
As stated back in June we did took the snapshot and placed in production
on one server to test how it works. One month ago we deployed that same
snapshot on a second server as well. Till now there is not a single
issue and we get around 50 millions queries per server within 24 hours
for aboutn 300k zones.
We also had a DDoS hitting our servers with ~800mbps and NSD survived
without issues.
Note that we are not using dnssec and servers are runnig as masters.
So all in all we are very satisfied by NSD4 (even if it is not yet the
production release). Keep up the good work and i hope this feedback is
usefull to you and maybe for others.
Best regards,
Pavel
[..]
Currently we are at snapshot 5. Now that might not mean a lot but we
have accomplished a few things:* Performance increase with radixtree and more optimal compilation.
* UDB on disk, removal of zonec. This means using editable disk
database with mmap.
* NSEC3 prehash incremental
* Patterns, new config file structures to manage many zones
* Control, SSL remote control: output statistics, force zone transfer,
add and remove zones.
Olaf, is there an overview of what new features there will be in NSD4,
eg the goals etc ?
I cannot find a updated changelog (I checked SVN) or presentation or
summary of what the above mean, but I think that a couple of these sound
like things I'd like to actively use
Greets,
Jeroen
Hi Jeroen,
A blogpost on this topic:
http://www.nlnetlabs.nl/blog/2012/09/14/nsd4-features/
Best regards,
Wouter