NSD4 occasionally fails to start after _server_ restart -- related to log rotation?

I’ve built/installed

/usr/local/nsd4/sbin/nsd -v
NSD version 4.1.25
Written by NLnet Labs.

Copyright (C) 2001-2006 NLnet Labs. This is free software.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.

Runs well.

On server restart, I find occasionally that NSD4’s not UP. Starting it manually is immediately successful.

I’ve found, so far, no relevant errors in systemd journal or nsd logs.

I did notice, checking immediately after noticing one of these^ ‘bad’ restarts,

systemctl status -l nsd4-custom
● nsd4-custom.service - NSD4 DNS Server
Loaded: loaded (/etc/systemd/system/nsd4-custom.service; enabled; vendor preset: disabled)
!!! Active: inactive (dead) since Wed 2018-10-17 11:14:41 PDT; 30min ago
Process: 1367 ExecStopPost=/bin/rm -f /var/chroot/nsd4/var/db/nsd/xfrd.state (code=exited, status=0/SUCCESS)
Process: 1296 ExecStop=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf stop (code=exited, status=0/SUCCESS)
Process: 1280 ExecStart=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf start (code=exited, status=0/SUCCESS)
Main PID: 1280 (code=exited, status=0/SUCCESS)

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Don’t know if that’s ‘fatal’ to nsd.

I launch nsd with systemd,

cat /etc/systemd/system/nsd4-custom.service
[Unit]
Description=NSD4 DNS Server
After=syslog.target network-online.target
Before=nsd4-custom.target
Before=unbound.service
Requires=unbound.service

[Service]
PIDFile=/var/chroot/nsd4/var/run/nsd/nsd.pid
ExecStart=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf start
ExecReload=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf reload
ExecStop=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf stop
ExecStopPost=/bin/rm -f /var/chroot/nsd4/var/db/nsd/xfrd.state

[Install]
WantedBy=multi-user.target

and rotate logs with

cat /etc/logrotate.d/nsd4
/var/log/nsd4/*.log {
daily
missingok
rotate 14
compress
delaycompress
compresscmd /usr/bin/xz
uncompresscmd /usr/bin/unxz
create 640 nsd nsd
sharedscripts
dateext
dateformat .%Y-%m-%d.%s
postrotate
/usr/local/nsd4/sbin/nsd-control log_reopen
endscript
}

Is any of that^ problematic, possibly causal? Or is there some other place I should be looking?

Hello "pgnet".

I have many comments about your setup. See below.

[snip]

       Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Don't know if that's 'fatal' to nsd.

No, this is not fatal to nsd.

I launch nsd with systemd,

    cat /etc/systemd/system/nsd4-custom.service
        [Unit]
        Description=NSD4 DNS Server
        After=syslog.target network-online.target
        Before=nsd4-custom.target
        Before=unbound.service
        Requires=unbound.service

        [Service]
        PIDFile=/var/chroot/nsd4/var/run/nsd/nsd.pid
        ExecStart=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf start
        ExecReload=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf reload
        ExecStop=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf stop
        ExecStopPost=/bin/rm -f /var/chroot/nsd4/var/db/nsd/xfrd.state

        [Install]
        WantedBy=multi-user.target

This is a *very* strange and convoluted way to run nsd with systemd.

First of all, I can understand nsd starting before unbound. But why does
nsd *require* unbound?

Next, your ExecStart can just be:

ExecStart=/usr/local/nsd4/sbin/nsd -c /var/chroot/nsd4/etc/nsd.conf

You also don't need an ExecStop. Instead, you just need:

KillMode=process

so that systemd can just send a TERM signal to the main nsd process.

Next, why are you removing the xfrd.state file when stopping nsd? That
seems pointless. The state file is used for tracking the status of slave
zones and their timers.

The PIDFile option is also unnecessary with nsd.

and rotate logs with

    cat /etc/logrotate.d/nsd4
        /var/log/nsd4/*.log {
            daily
            missingok
            rotate 14
            compress
            delaycompress
            compresscmd /usr/bin/xz
            uncompresscmd /usr/bin/unxz
            create 640 nsd nsd
            sharedscripts
            dateext
            dateformat .%Y-%m-%d.%s
            postrotate
                /usr/local/nsd4/sbin/nsd-control log_reopen

Don't you need the "-c /var/chroot/nsd4/etc/nsd.conf" option to
nsd-control here, so that it can find the appropriate control channel to
send the "log_reopen" command to?

Regards,
Anand
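
The points raised in the reply above can be turned into a repeatable check. The script below is an added example, not part of either message or of NSD itself; it parses the posted unit file (abridged here to the directives the checks read) and the postrotate command, and reports each point the reply raises. The function names and finding labels are hypothetical.

```python
# Constructed sample: the unit file (abridged) and postrotate command from the thread.
UNIT = """\
[Unit]
Description=NSD4 DNS Server
After=syslog.target network-online.target
Before=nsd4-custom.target
Before=unbound.service
Requires=unbound.service
[Service]
PIDFile=/var/chroot/nsd4/var/run/nsd/nsd.pid
ExecStart=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf start
ExecStop=/usr/local/nsd4/sbin/nsd-control -c /var/chroot/nsd4/etc/nsd.conf stop
ExecStopPost=/bin/rm -f /var/chroot/nsd4/var/db/nsd/xfrd.state
"""
POSTROTATE = "/usr/local/nsd4/sbin/nsd-control log_reopen"

def parse_unit(text):
    """Map each directive to the list of its values (directives may repeat)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def review(unit_text, postrotate_cmd):
    """Return one label (hypothetical names) per point raised in the reply."""
    opts = parse_unit(unit_text)
    def units(key):  # flatten space-separated unit lists such as After=a b
        return {u for v in opts.get(key, []) for u in v.split()}
    findings = []
    if units("Requires") & units("Before"):   # hard dependency on a unit started later
        findings.append("requires-unit-it-starts-before")
    if any("nsd-control" in v for v in opts.get("ExecStart", [])):
        findings.append("start-via-nsd-control")
    if "ExecStop" in opts:                     # reply suggests KillMode=process instead
        findings.append("execstop-present")
    if any("xfrd.state" in v for v in opts.get("ExecStopPost", [])):
        findings.append("removes-xfrd-state")
    if "PIDFile" in opts:
        findings.append("pidfile-set")
    if "nsd-control" in postrotate_cmd and "-c" not in postrotate_cmd.split():
        findings.append("log-reopen-without-config")
    return findings

if __name__ == "__main__":
    for finding in review(UNIT, POSTROTATE):
        print(finding)
```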