Hello Yorgos,

On 22.04.25 at 15:20, Yorgos Thessalonikefs via nsd-users wrote:
> Unbound is an example when configured with auth zones, it will send the SOA
> probe over UDP before starting a zone transfer.

Correct, I verified that with the following unbound.conf

(10.0.0.2 is an NSD serving the zone 'example.' over 53/UDP, 53/TCP and 853/TLS = TCP)

auth-zone:
        name: "example."
        for-downstream: no
        for-upstream: yes
        fallback-enabled: yes
        primary: 10.0.0.2@853#nsd
        zonefile: "/spool/auth-zones/example"

with tcpdump I saw unbound
 - asking 10.0.0.2@53 via UDP for a SOA record
then
 - transferring the zone over a TLS connection to 10.0.0.2@853 / TCP

I did not see any traffic to 10.0.0.2@853 / UDP

> ... you expect to see only TCP open on 853 but you also see UDP open on 853?
yes

NSD even writes it to my log:

nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: nsd starting (NSD 4.12.0)
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (udp) with server(s): -
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: info: creating unix socket /run/nsd-control.socket
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone . read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone example. read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: notice: nsd started (NSD 4.12.0), pid 1

Notice the '-' at the end of the 853-UDP line, while the other lines end with '*'.
No idea what that means...

In the NSD-Container I run:

root@nsd:/# netstat -lnpt | grep 10.0.0.2
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.2:853            0.0.0.0:*               LISTEN      -
root@nsd:/# netstat -lnpu | grep 10.0.0.2
udp        0      0 10.0.0.2:53             0.0.0.0:*                           -
udp        0      0 10.0.0.2:853            0.0.0.0:*                           -

Andreas
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
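As an added example, not part of the mail above and not code from the NSD or Unbound projects: a small Python check that does what Andreas did by hand. It parses the "listen on ip-address ... with server(s): ..." lines from an NSD startup log and the listening sockets from `netstat -ln` output, then reports sockets that are open in the kernel but that NSD announced with a server(s) field of "-" instead of "*", plus any open socket on the address that NSD did not announce at all. The thread does not settle what "-" means, so the script only flags the mismatch and leaves the interpretation to the reader. The sample log and netstat lines are copied from the mail and embedded inline so the script runs offline; the function and class names are the example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed sample input: the NSD startup lines and netstat output quoted in the mail,
# with the wrapped log lines re-joined onto single lines.
NSD_LOG = """\
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: nsd starting (NSD 4.12.0)
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (udp) with server(s): -
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: notice: nsd started (NSD 4.12.0), pid 1
"""

NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.2:53             0.0.0.0:*               LISTEN      -
tcp        0      0 10.0.0.2:853            0.0.0.0:*               LISTEN      -
udp        0      0 10.0.0.2:53             0.0.0.0:*                           -
udp        0      0 10.0.0.2:853            0.0.0.0:*                           -
"""

# Matches the socket announcement NSD logs at startup; the server(s) field is kept verbatim.
LISTEN_RE = re.compile(
    r"listen on ip-address (?P<ip>\S+)@(?P<port>\d+) \((?P<proto>udp|tcp)\) "
    r"with server\(s\): (?P<servers>\S+)"
)


@dataclass(frozen=True)
class Listener:
    ip: str
    port: int
    proto: str  # "udp" or "tcp"


def parse_nsd_listeners(log: str) -> Dict[Listener, str]:
    """Map every socket NSD announced to the server(s) field it logged ('*', '-', or a list)."""
    announced: Dict[Listener, str] = {}
    for line in log.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            announced[Listener(m["ip"], int(m["port"]), m["proto"])] = m["servers"]
    return announced


def parse_netstat_listeners(text: str) -> Set[Listener]:
    """Collect listening sockets from `netstat -ln` style output (tcp/udp, v4 or v6)."""
    found: Set[Listener] = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header line or something that is not a socket row
        proto = fields[0].rstrip("6")
        ip, port = fields[3].rsplit(":", 1)  # rsplit keeps IPv6 addresses intact
        found.add(Listener(ip, int(port), proto))
    return found


def unserved_open_sockets(log: str, netstat: str) -> List[Listener]:
    """Sockets the kernel shows as open but that NSD announced with server(s) '-'."""
    announced = parse_nsd_listeners(log)
    open_sockets = parse_netstat_listeners(netstat)
    return sorted(
        (s for s in open_sockets if announced.get(s) == "-"),
        key=lambda s: (s.ip, s.port, s.proto),
    )


def unannounced_open_sockets(log: str, netstat: str, ip: str) -> List[Listener]:
    """Sockets open on `ip` that do not appear in NSD's startup announcements at all."""
    announced = parse_nsd_listeners(log)
    open_sockets = parse_netstat_listeners(netstat)
    return sorted(
        (s for s in open_sockets if s.ip == ip and s not in announced),
        key=lambda s: (s.ip, s.port, s.proto),
    )


if __name__ == "__main__":
    for s in unserved_open_sockets(NSD_LOG, NETSTAT):
        print(f"open but announced with server(s) '-': {s.ip}@{s.port} ({s.proto})")
    for s in unannounced_open_sockets(NSD_LOG, NETSTAT, "10.0.0.2"):
        print(f"open but not announced by NSD: {s.ip}@{s.port} ({s.proto})")
```

On the sample input this reports exactly the socket Andreas noticed, 10.0.0.2@853 (udp), and nothing unannounced. To run it against a real host, feed it the container's log and the output of `netstat -ln` (or `ss -ln`, after adjusting the column parsing) instead of the embedded strings.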
