Hi Andreas,

On 23/04/2025 22:19, A. Schulze via nsd-users wrote:
Hello Yorgos,

Am 22.04.25 um 15:20 schrieb Yorgos Thessalonikefs via nsd-users:
Unbound is an example when configured with auth zones, it will send the SOA prove over UDP before starting a zone transfer.

correct, I verified that by such an unbound.conf

(10.0.0.2 is an NSD serving the zone 'example.' over 53/UDP, 53/TCP and 853/TLS = TCP )

auth-zone:
         name: "example."
         for-downstream: no
         for-upstream: yes
         fallback-enabled: yes
         primary: 10.0.0.2@853#nsd
         zonefile: "/spool/auth-zones/example"

with tcpdump I saw unbound
  - asking 10.0.0.2@53 via UDP for a SOA-Record
then
  - transferring the zone over a TLS connection to 10.0.0.2@853 / TCP

I did not see any traffic to 10.0.0.2@853 / UDP
Hmm, I wasn't expecting that. This looks like a feature in this case?
I would expect Unbound to not know about port 53 with this configuration, but since the probe will go over UDP it "correctly" uses port 53?

But that doesn't sound right if your config is like:
        primary: 10.0.0.2@54
I'll look into that and probably treat it like a bug.


... you expect to see only TCP open on 853 but you also see UDP open on 853?
yes

NSD even writes it to my log:

nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: nsd starting (NSD 4.12.0)
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (udp) with server(s): -
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: info: creating unix socket /run/nsd-control.socket
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone . read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: info: zone example. read with success
nsd_1      | [2025-04-23 21:54:21.871] nsd[20]: notice: nsd started (NSD 4.12.0), pid 1

Notice the '-' at the end of the 853-UDP line, while the other lines end with '*'
No idea what that means...
'*' means all the server processes are listening there
'-' means none of the server processes are listening there

Thanks for looking into this btw!

Best regards,
-- Yorgos
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
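An added example, not from the thread or from NLnet Labs: a small Python script that parses NSD's "listen on ip-address ... with server(s): ..." startup notices, reports listeners that no server process serves ('-' in the thread's log) and compares the set of bound sockets against the ip/port/proto combinations you intend to expose. The sample log is constructed from the lines quoted above; the regex, the `Listener` class and the function names are my own, and the meaning of '*' and '-' is the one Yorgos gives in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: the NSD 4.12.0 startup notices quoted in the thread, one per line.
SAMPLE_LOG = """\
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: nsd starting (NSD 4.12.0)
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (udp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@53 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (udp) with server(s): -
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: notice: listen on ip-address 10.0.0.2@853 (tcp) with server(s): *
nsd_1      | [2025-04-23 21:54:21.848] nsd[1]: info: creating unix socket /run/nsd-control.socket
"""

# Matches the listen notice wherever it appears on the line (the docker-compose
# "nsd_1 |" prefix and the timestamp are skipped by using re.search).
LISTEN_RE = re.compile(
    r"listen on ip-address (?P<ip>\S+)@(?P<port>\d+) \((?P<proto>udp|tcp)\) "
    r"with server\(s\): (?P<servers>\S+)"
)

# What this deployment is meant to expose (hypothetical policy for the example):
# plain DNS on 53/udp+tcp and DNS-over-TLS on 853/tcp only.
EXPECTED = {
    ("10.0.0.2", 53, "udp"),
    ("10.0.0.2", 53, "tcp"),
    ("10.0.0.2", 853, "tcp"),
}


@dataclass(frozen=True)
class Listener:
    ip: str
    port: int
    proto: str
    servers: str  # '*' = all server processes listen here, '-' = none (as explained in the thread)


def parse_listeners(log_text):
    """Extract every 'listen on ip-address' notice from NSD's startup log."""
    found = []
    for line in log_text.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            found.append(Listener(m["ip"], int(m["port"]), m["proto"], m["servers"]))
    return found


def unserved_listeners(listeners):
    """Sockets NSD bound but that no server process serves: open to the network, answered by nobody."""
    return [l for l in listeners if l.servers == "-"]


def compare_with_expected(listeners, expected):
    """Return (unexpected, missing) as sorted lists of (ip, port, proto).

    A bound socket shows up in a port scan whether or not a server serves it,
    so every parsed listener counts as exposed here.
    """
    actual = {(l.ip, l.port, l.proto) for l in listeners}
    return sorted(actual - expected), sorted(expected - actual)


if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE_LOG)
    for l in unserved_listeners(listeners):
        print(f"WARNING: {l.ip}@{l.port} ({l.proto}) is bound but served by no server process")
    unexpected, missing = compare_with_expected(listeners, EXPECTED)
    for ip, port, proto in unexpected:
        print(f"UNEXPECTED listener: {ip}@{port} ({proto})")
    for ip, port, proto in missing:
        print(f"MISSING listener: {ip}@{port} ({proto})")
```

Run it against a real NSD startup log (for example `docker compose logs nsd | python3 nsd_listeners.py` after replacing `SAMPLE_LOG` with `sys.stdin.read()`) to confirm that the sockets NSD binds match what you expect to be reachable; on the thread's log it flags 10.0.0.2@853 (udp) both as unserved and as unexpected.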