[nsd-users] nsd-control delzone on a zone that is defined in the nsd.conf

Will Pressly will at edgecast.com
Tue May 14 10:57:52 CEST 2013


Wow. Great new feature! Thanks for the explanation.

Regards,
Will Pressly


On Tue, May 14, 2013 at 1:44 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> On 05/14/2013 10:24 AM, Will Pressly wrote:
> > Hi Wouter,
> >
> > Thanks for the reply.
> >
> > Wow. that sounds really great if I am understanding you correctly.
> > so, if I change my nsd.conf with any kind of arbitrary additions
> > and deletions, a simple nsd-control reconfig will intelligently
> > and dynamically merge all of those changes -- effectively obviating
> > the need for nsd-control [add|del]zone?
>
> Yes, it picks up changes and applies them by reforking the server
> processes.  This is limited to zone, key, pattern, access-control
> lists changes.  The server config is not really changeable without a
> restart (because it needs root privileges, which have been dropped).
> Also RRL config ratelimits and whitelists are updated (if you use RRL).
>
> It provides another workflow, not control add|del zone, but push
> nsd.conf and reconfig.
>
> Best regards,
>    Wouter
>
> > Thanks, Will
> >
> >
> > On Tue, May 14, 2013 at 12:01 AM, W.C.A. Wijngaards
> > <wouter at nlnetlabs.nl <mailto:wouter at nlnetlabs.nl>> wrote:
> >
> > Hi Will,
> >
> > On 05/08/2013 11:32 PM, Jaap Akkerhuis wrote:
> >
> >> I am trying to wrap my head around the rationale of the
> >> restriction on not allowing nsd-control to delzone a zone that is
> >> configured in the nsd.conf. What is the risk here? Is it more of
> >> an operational one where it will not truly delete if a stop/start
> >> of the daemon occurs without modification of the nsd.conf? I
> >> mean, if your workflow is to always update your nsd.conf by
> >> removing entries for zones you are planning to delzone (and then
> >> blowing away the zone.list file before start) -- then where is
> >> the problem, exactly?
> >
> >> I see the restriction only exists in remote.c, and it doesn't
> >> look like deleting one of these zones declared in the nsd.conf
> >> would be much different that one that wasn't (although I am
> >> probably missing something).
> >
> >> Can you help me understand this, please?
> >
> >> FYI, Wouter is on vacation so it might take another week or so
> >> before he answers. What I do remember from talking about this is
> >> that "nsd-control delzone" is merely the inverse of "nsd-control
> >> addzone".
> >
> >> Zones defined in nsd.conf are supposed to be static that is why
> >> the man nsd-control says:
> >
> >> Zones  configured  inside  nsd.conf  itself  cannot be removed
> >> this way because  the  daemon  does  not  write to the nsd.conf
> >> file, you need to add such zones to the zonelist file to be able
> >> to delete them with the delzone command.
> >
> >> Hope this helps.
> >
> > Yes, what you can do, if you modify the nsd.conf yourself, is that
> > you modify the nsd.conf and then nsd-control reconfig (you need
> > that latest svn trunk of NSD4 for that, beta4 does not have this
> > feature). Then it adds and removes the changes you made in the
> > config file. This may fit better into your existing workflow.
> >
> > Best regards, Wouter
> >
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJRkflkAAoJEJ9vHC1+BF+NLfsP/Aqn2c67ds/87+pnzux0UN+6
> +Rb4iNreUIGF0gY3gH3hM1m0zFazQLnhXBP6d+RJZ9Dmh44RoljIFVw6J20glmCR
> 7keZmq01zr/W+JQ1+uoxj5Kv737OXkLL/CNF8+qIHx/O1/betvt7qdF8G2PL0qDX
> wAL53xTRnZ5MZKi0jX9sukxcj9tonBa6QIde6YxH6i2Joxg96U5R/jO/QQ0Ml5Kd
> ia8peN4oJZ39/M6zmiX9pcsqXXuWdv2RMMq12w570vS0jXziLIxz+KYZoh/T4saN
> Awi9LIT3zkwfb1u54DN43SIzbXfx4pZGYkhfk0kbeWZy4KeH5Wmr8qx1fEATCGmF
> GvtFRCaBR6vIf01Tj63v272EVyVtH/RLF7XWQ8JHJYx/35ZvuONopiZtMl4UeGz2
> 887MopB4IHNqDddIR/Adal0HoVPxuZTqAzNbZ6pN/dxr2W45cPO0A1ym590oY4HO
> gngQRBGLc3DEIKPFjQtetFreG2llepQtPlmu7idNAaNN7Bg+H62VPKdGDIGuYUw8
> YmlgjjfnovEaNocIz3Q7bt84gZe24mkxe6KLA5BGMbJaI0nmbcrh7udMte2nLxSZ
> vAkIebpe6ZMiGjUzGN5kHxSFmxOgE45PdexQTnI2KGTpYjsrOjeaHedGWPDzsDqS
> jnpmcAgp53M1AOZFvKqY
> =2WOw
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://open.nlnetlabs.nl/pipermail/nsd-users/attachments/20130514/12803004/attachment-0001.html>


More information about the nsd-users mailing list