I mean the diff I sent to bugs@ in response to the thread you started on misc. "Re: NSD exit status 11 on 7.0"
This thread is about upgrading nsd in current, but we also need to fix 7.0. I thought you are running stable in production? Anyway, having the full upgrade tested is also valuable, so thanks for that. But if you are running stable please try the patch from bugs@, I want to put that one into an errata. On 20 October 2021 21:44:19 CEST, Mischa <[email protected]> wrote: >Is the below patch not needed? > >I did run it without the below patch first, without any problems. >After I applied the below patch and compiled again. > >Mischa > >On 2021-10-20 21:34, Florian Obser wrote: >> Uhm, could you please try the single patch from the other mail on 7.0? >> We are probably not going to syspatch to a new nsd version in 7.0. >> >> On 20 October 2021 21:18:17 CEST, Mischa Peters <[email protected]> >> wrote: >>> Hi Florian, >>> >>> Great stuff! >>> Applied both patches and NSD has been running without crashing since >>> 20:47 CEST. >>> >>> Oct 20 20:47:19 name2 nsd[62305]: nsd starting (NSD 4.3.8) >>> Oct 20 20:47:19 name2 nsd[37128]: nsd started (NSD 4.3.8), pid 31864 >>> Oct 20 20:47:30 name2 /bsd: carp24: state transition: BACKUP -> MASTER >>> Oct 20 20:47:46 name2 /bsd: carp23: state transition: BACKUP -> MASTER >>> >>> Thanx a lot for the quick patches!! >>> >>> Mischa >>> >>> On 2021-10-20 18:27, Florian Obser wrote: >>>> On 2021-10-20 18:24 +02, Florian Obser <[email protected]> wrote: >>>>> +4.3.8 >>>>> +================ >>>>> +FEATURES: >>>>> + - Set default for answer-cookie to no. Because in server >>>>> deployments >>>>> + with mixed server software, a default of yes causes issues. >>>> >>>> sthen and me think that we shouldn't flip-flop between cookie on and >>>> cookie off since we shipped the cookie on default in 7.0. >>>> >>>> This is on top of the 4.3.8 diff and reverts that behaviour to cookie >>>> on >>>> as we have in 7.0. >>>> >>>> OK? >>>> >>>> diff --git nsd.conf.5.in nsd.conf.5.in >>>> index 4ee4b1292f9..9ae376f288c 100644 >>>> --- nsd.conf.5.in >>>> +++ nsd.conf.5.in >>>> @@ -494,7 +494,7 @@ With the value 0 the rate is unlimited. >>>> .TP >>>> .B answer\-cookie:\fR <yes or no> >>>> Enable to answer to requests containig DNS Cookies as specified in >>>> RFC7873. >>>> -Default is no. >>>> +Default is yes. >>>> .TP >>>> .B cookie\-secret:\fR <128 bit hex string> >>>> Servers in an anycast deployment need to be able to verify each >>>> other's DNS >>>> diff --git options.c options.c >>>> index 6411959e8c6..d8fe022b412 100644 >>>> --- options.c >>>> +++ options.c >>>> @@ -131,7 +131,7 @@ nsd_options_create(region_type* region) >>>> opt->tls_service_pem = NULL; >>>> opt->tls_port = TLS_PORT; >>>> opt->tls_cert_bundle = NULL; >>>> - opt->answer_cookie = 0; >>>> + opt->answer_cookie = 1; >>>> opt->cookie_secret = NULL; >>>> opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt"; >>>> opt->control_enable = 0; >>> > -- Sent from a mobile device. Please excuse poor formatting.
