On the "nsd-control addzone/delzone": it works a bit differently from defining zones in your configuration, just as the error message says.

It is rather intended to be used with patterns. You configure a pattern in your configuration, then you tell nsd via nsd-control addzone to use a specific pattern for a specific zone. nsd keeps track of these assignments in a file, usually in "/var/lib/nsd/zone.list" (configurable via "zonelistfile"). Zones can be added/removed pretty dynamically that way. What nsd does internally when receiving the addzone/delzone I haven't cared about so far.

On the config in general: "server-count" should be set to the number of CPUs of the respective machine. And, if you have this set to more than 1 and run it on Linux, you might also want to consider setting "reuseport" to "yes". I have more experience with this option from a high performance unbound system, but activating this option helped improve performance by a margin of 30-40%. I think it has a similar impact on nsd when a high amount of requests has to be served.

On 28 December 2019 22:15:54 CET, richard lucassen via nsd-users <[email protected]> wrote:
>On Sat, 28 Dec 2019 17:02:09 +0100
>richard lucassen via nsd-users <[email protected]> wrote:
>
>> The problem is (was) that I used "include:" statements in nsd.conf
>> to load zone information. Apparently nsd does not reread the include
>> files upon a SIGHUP. I scripted everything into 1 file and a HUP
>> rereads the zone info now.
>
>Wrong, I made a mistake, it does not. A SIGHUP does not make nsd reread
>its config file. When using nsd-control I get an error:
>
># nsd-control delzone test.xaq.nl
>error zone defined in nsd.conf, cannot delete it in this manner: remove
>it from nsd.conf yourself and repattern
>
>The output of "nsd-checkconf -v /etc/nsd/nsd.conf":
>server:
>    debug-mode: no
>    ip-transparent: no
>    ip-freebind: no
>    reuseport: no
>    do-ip4: yes
>    do-ip6: no
>    hide-version: yes
>    database: ""
>    #identity:
>    #version:
>    #nsid:
>    #logfile:
>    server-count: 1
>    tcp-count: 100
>    tcp-query-count: 0
>    tcp-timeout: 120
>    tcp-mss: 0
>    outgoing-tcp-mss: 0
>    ipv4-edns-size: 4096
>    ipv6-edns-size: 4096
>    pidfile: "/var/lib/nsd/nsd.pid"
>    port: "53"
>    statistics: 0
>    chroot: "/var/lib/nsd/"
>    username: "nsd"
>    zonesdir: "/var/lib/nsd/domains/"
>    xfrdfile: ""
>    zonelistfile: "/var/lib/nsd/zone.list"
>    xfrdir: "/var/lib/nsd/tmp/"
>    xfrd-reload-timeout: 1
>    log-time-ascii: yes
>    round-robin: yes
>    verbosity: 0
>    ip-address: "127.0.0.53"
>    rrl-size: 1000000
>    rrl-ratelimit: 200
>    rrl-slip: 2
>    rrl-ipv4-prefix-length: 24
>    rrl-ipv6-prefix-length: 64
>    rrl-whitelist-ratelimit: 2000
>    zonefiles-check: yes
>    zonefiles-write: 3600
>
>remote-control:
>    control-enable: yes
>    control-port: 8952
>    server-key-file: "/etc/nsd/nsd_server.key"
>    server-cert-file: "/etc/nsd/nsd_server.pem"
>    control-key-file: "/etc/nsd/nsd_control.key"
>    control-cert-file: "/etc/nsd/nsd_control.pem"
>
>zone:
>    name: test.xaq.nl
>    zonefile: /var/lib/nsd/domains/nl/xaq/test/zone
>
>(and a lot of other zones)
>
>BTW, a "control-enable: no" gives a config error. Any hints?
>
>And perhaps some more comments on the config? Note: this is a
>supervised version running under "runit"
>
>R.
>
>--
>richard lucassen
>http://contact.xaq.nl/
>
>_______________________________________________
>nsd-users mailing list
>[email protected]
>https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
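As an added example that is not part of the original messages: a sketch of moving from static "zone:" blocks to the pattern plus addzone workflow described in the reply. It lists the zones defined statically in an nsd.conf-style file and prints the matching nsd-control addzone command for each; the pattern name "dynamic", the second zone and the sample config are constructed, and the parser is a simplification.

```shell
#!/bin/sh
# Added example, not from the thread. Lists zones defined statically in an
# nsd.conf-style file and prints the nsd-control addzone command for each.
# Assumptions: pattern name "dynamic" and the sample config are constructed;
# the parser is a simplification (one "key: value" per line, no include:).
#
# Pattern that would be added to nsd.conf first (%z/%y/%x are zonefile
# macros for the TLD and the two labels below it, relative to zonesdir):
#   pattern:
#       name: "dynamic"
#       zonefile: "%z/%y/%x/zone"

# Print the name of every "zone:" block; pattern names are skipped.
static_zones() {
    awk '
        $1 ~ /^#/ { next }                        # comment line
        NF == 1 && $1 ~ /:$/ { in_zone = ($1 == "zone:"); next }  # section header
        in_zone && $1 == "name:" { gsub(/"/, "", $2); print $2 }
    ' "$1"
}

# Print one addzone command per static zone; $2 is the pattern name.
addzone_commands() {
    static_zones "$1" | while read -r zone; do
        case "$zone" in
            *[!A-Za-z0-9._-]*) echo "skipping odd zone name: $zone" >&2 ;;
            *) printf 'nsd-control addzone %s %s\n' "$zone" "$2" ;;
        esac
    done
}

# Constructed sample input: two static zones, one pattern, one comment.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
server:
    zonelistfile: "/var/lib/nsd/zone.list"
pattern:
    name: "dynamic"
    zonefile: "%z/%y/%x/zone"
# zone: disabled.example.org
zone:
    name: test.xaq.nl
    zonefile: /var/lib/nsd/domains/nl/xaq/test/zone
zone:
    name: "lab.example.org"
    zonefile: /var/lib/nsd/domains/org/example/lab/zone
EOF

addzone_commands "$SAMPLE_CONF" dynamic
```

The script only prints the commands. As the error message in the thread says, a zone still defined in nsd.conf has to be removed from that file by hand before it can be managed this way.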
