[nsd-users] nsd-control delzone on a zone that is defined in the nsd.conf
will at edgecast.com
Tue May 14 10:57:52 CEST 2013
Wow. Great new feature! Thanks for the explanation.
On Tue, May 14, 2013 at 1:44 AM, W.C.A. Wijngaards <wouter at nlnetlabs.nl> wrote:
> On 05/14/2013 10:24 AM, Will Pressly wrote:
> > Hi Wouter,
> > Thanks for the reply.
> > Wow. That sounds really great if I am understanding you correctly.
> > So, if I change my nsd.conf with any kind of arbitrary additions
> > and deletions, a simple nsd-control reconfig will intelligently
> > and dynamically merge all of those changes -- effectively obviating
> > the need for nsd-control [add|del]zone?
> Yes, it picks up changes and applies them by reforking the server
> processes. This is limited to zone, key, pattern, access-control
> list changes. The server config is not really changeable without a
> restart (because it needs root privileges, which have been dropped).
> Also RRL config ratelimits and whitelists are updated (if you use RRL).
> It provides another workflow, not control add|del zone, but push
> nsd.conf and reconfig.
> Best regards,
> > Thanks, Will
> > On Tue, May 14, 2013 at 12:01 AM, W.C.A. Wijngaards
> > <wouter at nlnetlabs.nl> wrote:
> > Hi Will,
> > On 05/08/2013 11:32 PM, Jaap Akkerhuis wrote:
> >> I am trying to wrap my head around the rationale of the
> >> restriction on not allowing nsd-control to delzone a zone that is
> >> configured in the nsd.conf. What is the risk here? Is it more of
> >> an operational one where it will not truly delete if a stop/start
> >> of the daemon occurs without modification of the nsd.conf? I
> >> mean, if your workflow is to always update your nsd.conf by
> >> removing entries for zones you are planning to delzone (and then
> >> blowing away the zone.list file before start) -- then where is
> >> the problem, exactly?
> >> I see the restriction only exists in remote.c, and it doesn't
> >> look like deleting one of these zones declared in the nsd.conf
> >> would be much different than one that wasn't (although I am
> >> probably missing something).
> >> Can you help me understand this, please?
> >> FYI, Wouter is on vacation so it might take another week or so
> >> before he answers. What I do remember from talking about this is
> >> that "nsd-control delzone" is merely the inverse of "nsd-control
> >> addzone".
> >> Zones defined in nsd.conf are supposed to be static, that is why
> >> the man nsd-control says:
> >> Zones configured inside nsd.conf itself cannot be removed
> >> this way because the daemon does not write to the nsd.conf
> >> file, you need to add such zones to the zonelist file to be able
> >> to delete them with the delzone command.
> >> Hope this helps.
> > Yes, what you can do, if you modify the nsd.conf yourself, is that
> > you modify the nsd.conf and then nsd-control reconfig (you need
> > the latest svn trunk of NSD4 for that, beta4 does not have this
> > feature). Then it adds and removes the changes you made in the
> > config file. This may fit better into your existing workflow.
> > Best regards, Wouter
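An added example, not part of the thread and not NSD's own code: a pre-flight check for the "push nsd.conf and reconfig" workflow described above, comparing the running and the new nsd.conf to list which zones a reconfig would add, remove or change, and which `server:` options differ and so, per the thread, need a restart. It assumes one `keyword: value` per line, does not follow `include:` directives, and treats `rrl-` options as reconfig-safe based on the statement in the thread; the sample configs are constructed.

```python
import re

def parse_nsd_conf(text):
    """Return ({zone name: [(key, value), ...]}, {server key: value})."""
    zones, server, section, current = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                             # section header, e.g. "zone:"
            section, current = key, []
        elif section == "zone" and key == "name":
            zones[value.rstrip(".").lower()] = current
        elif section == "zone":
            current.append((key, value))
        elif section == "server":
            server[key] = value
    return zones, server

def plan_reconfig(old_text, new_text):
    """Classify the differences between two nsd.conf versions."""
    old_z, old_s = parse_nsd_conf(old_text)
    new_z, new_s = parse_nsd_conf(new_text)
    both = old_z.keys() & new_z.keys()
    return {
        "add": sorted(new_z.keys() - old_z.keys()),
        "del": sorted(old_z.keys() - new_z.keys()),
        "changed": sorted(z for z in both if sorted(old_z[z]) != sorted(new_z[z])),
        # server: options are not picked up by reconfig (assumption: rrl-* are)
        "restart": sorted(k for k in old_s.keys() | new_s.keys()
                          if old_s.get(k) != new_s.get(k) and not k.startswith("rrl-")),
    }

# Constructed sample configuration, not taken from the thread.
OLD = """server:
    port: 53
    rrl-ratelimit: 200
zone:
    name: "example.com"
    zonefile: "example.com.zone"
zone:
    name: "example.net"
"""
NEW = (OLD.replace("port: 53\n", "port: 5353\n").replace("200", "400")
          .replace('"example.com.zone"', '"signed/example.com.zone"')
          .replace("example.net", "example.org"))

if __name__ == "__main__":
    print(plan_reconfig(OLD, NEW))
```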