PATCH: option to allow nofork without enabling debug mode

Hi,

I'm looking at running nsd from systemd without forking. The man page
for nsd states:

        -d Turn on debugging mode, do not fork, stay in the foreground.

Now I don't really want "debugging mode", I just want it to not fork.

Attached is a small patch that adds the -D option that does not change
the debugging level, but will prevent nsd from forking when specified.

This allows systemd to restart nsd when it crashes.

Paul

(attachments)

nsd-3.2.15-nofork.patch (1.66 KB)

Hey Paul,

Have you tested nsd long enough with this option? I'm not certain it
will work. It will appear to work in the beginning, but when nsd does
zone transfers, it will fork a child, which will load the zone database,
and then kill its parents. At this point, systemd may not be able to
keep track of nsd. At least, this was what I experienced when trying to
make nsd3 work under Red Hat's upstart.

Changing this is more work than a simple patch, and Wouter has already
done this for the upcoming nsd 4, which runs just fine under upstart.
But it may never make it into nsd 3. Please do correct me if I got it wrong.

Regards,

Anand

> Have you tested nsd long enough with this option?

After fixing the patch to add "D" to getopt, I ran it specifically with
various reload scenarios because I know even the RHEL version with sysv
still at times lost the proper pid (the build I fired off today
hopefully fixes those now on RHEL, ns0.nohats.ca has not lost the right
pid in several hours now)

So I did variations of:
systemctl reload nsd.service
nsdc reload
nsdc rebuild
systemctl restart nsd.service

Note that the reload service calls rebuild, reload and notify:

[Unit]
Description=NSD DNS Server
After=syslog.target network.target

[Service]
Type=simple
PIDFile=/var/run/nsd/nsd.pid
EnvironmentFile=-/etc/sysconfig/nsd
ExecStartPre=/usr/sbin/nsdc -c /etc/nsd/nsd.conf rebuild
ExecStart=/usr/sbin/nsd -D -c /etc/nsd/nsd.conf $OTHER_NSD_OPTS
ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf rebuild
ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf reload
# notify blocks on misconfigurations - but does show it very loudly
ExecReload=/usr/sbin/nsdc -c /etc/nsd/nsd.conf notify
ExecStop=/usr/sbin/nsdc -c /etc/nsd/nsd.conf patch
ExecStop=/usr/sbin/nsdc -c /etc/nsd/nsd.conf stop
ExecStopPost=/bin/rm -f /var/lib/nsd/xfrd.state

[Install]
WantedBy=multi-user.target

And each time I verified /run/nsd/nsd.pid with "pidof nsd". It matches
every time.

> I'm not certain it
> will work. It will appear to work in the beginning, but when nsd does
> zone transfers, it will fork a child, which will load the zone database,
> and then kill its parents. At this point, systemd may not be able to
> keep track of nsd. At least, this was what I experienced when trying to
> make nsd3 work under Red Hat's upstart.

You mean on the primary or secondary?

> Changing this is more work than a simple patch, and Wouter has already
> done this for the upcoming nsd 4, which runs just fine under upstart.
> But it may never make it into nsd 3. Please do correct me if I got it wrong.

I'll do some more tests to ensure this will work (or not). Thanks for
pointing it out.

Paul

Hi Paul, Anand,

>> Have you tested nsd long enough with this option?
>
> After fixing the patch to add "D" to getopt, I ran it specifically
> with various reload scenarios because I know even the RHEL version
> with sysv still at times lost the proper pid (the build I fired
> off today hopefully fixes those now on RHEL, ns0.nohats.ca has not
> lost the right pid in several hours now)

The pidfile is changed when the scenario that Anand describes happens.
So that means there is a brief race condition, but you did not notice
the issue that Anand described. Also upstart may need nsd to keep
attached to the same console session, and that would then not happen,
and nsd4 can do all of that with the changes; i.e. for nsd4 the
pidfile does not change.

Best regards,
   Wouter

One of the reasons for trying without forking is the exact reason of the
pidfile sometimes being bogus. At that point, "nsdc" fails to do anything
to the running nsd. For example, opendnssec on the same machine can no
longer send a successful reload command after it has signed a zone. If
left unattended, zones expire.

Currently, the nsd running with systemd without forking has a matching
pid file, but I'll run a few more zone updates and see. Perhaps nsd4
will be ready before RHEL7, and then there is no issue - I don't think
many people will run nsd on Fedora.

However, for nsd3 and RHEL6, that still leaves me with the issue that
one regularly loses control of the running nsd, until an operator goes
in and fixes things by killing nsd by process name and restarting it.
That really still needs a fix, especially when combined with opendnssec.

Paul
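
The pidfile check described in this thread (comparing the pidfile against the running nsd processes), as an added example that is not part of the original messages or of nsd itself. The function names, the `PROC_ROOT` parameter and the reliance on Linux `/proc/<pid>/comm` are assumptions of this example.

```shell
#!/bin/sh
# Added example: detect the "lost pidfile" condition discussed in the thread.
# Assumption: PROC_ROOT is laid out like Linux /proc (<pid>/comm = process name).

# check_pidfile PIDFILE NAME PROC_ROOT
# 0 = pidfile names a live NAME process, 1 = pidfile missing or malformed,
# 2 = pid not running, 3 = pid belongs to another program (pid reuse)
check_pidfile() {
    pid='' comm=''
    [ -r "$1" ] || return 1
    read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ -d "$3/$pid" ] || return 2
    [ -r "$3/$pid/comm" ] || return 3
    read -r comm < "$3/$pid/comm" || [ -n "$comm" ] || return 3
    [ "$comm" = "$2" ] || return 3
}

# list_pids NAME PROC_ROOT: print pids whose comm equals NAME, space-separated
list_pids() {
    out=''
    for d in "$2"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        comm=''
        read -r comm < "$d/comm" || [ -n "$comm" ] || continue
        if [ "$comm" = "$1" ]; then out="$out${out:+ }${d##*/}"; fi
    done
    printf '%s\n' "$out"
}

# nsd_state PIDFILE [PROC_ROOT]: print ok, lost:<pids> or down
#   ok    pidfile points at a running nsd
#   lost  nsd is running but the pidfile does not point at it, so tools
#         that signal via the pidfile cannot reach the daemon
#   down  no nsd process found
nsd_state() {
    root=${2:-/proc}
    if check_pidfile "$1" nsd "$root"; then echo ok; return 0; fi
    running=$(list_pids nsd "$root")
    if [ -n "$running" ]; then echo "lost:$running"; return 1; fi
    echo down; return 2
}
```

Sourced from a monitoring job, `nsd_state /var/run/nsd/nsd.pid` exits non-zero in the `lost` state, so the condition is flagged before a reload silently fails and zones expire.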