NSD CPU time consumption in slave config

Jelte Jansen jelte at NLnetLabs.nl
Tue Jul 10 08:39:24 UTC 2007


Andrew Sullivan wrote:
> On Fri, Jul 06, 2007 at 08:04:53PM +0200, Jan Boysen - servage.net wrote:
>> The first hour or so the slave answers with servfail which is annoying
>> too I think.. would it not be better if it were refusing the connection
>> instead ?
> 
> When I looked at it (perhaps the developers will correct me if I'm
> wrong), I concluded that it worked this way because of the way nsd
> drops privilege after binding to the low-numbered port.  It seemed to
> me that because it wanted to drop privs as soon as possible, it had to
> adopt some strategy of handling the requests, so SERVFAIL was the
> answer.  I agree it's sort of ugly, though.
> 

Yes, we drop privileges as soon as possible, so ports can't be bound
later on. We might be able to do this later, but that would make the
problem only slightly less annoying.

Although i'm not yet sure, i have the feeling there's a bug causing this
performance problem (i think it shouldn't be that slow to synchronize),
and i think we should be trying to find a solution for that rather than
ameliorate the behaviour when it's not yet finished.

Jelte

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20070710/bf6820a6/attachment.bin>


More information about the nsd-users mailing list