On Mon, Nov 25, 2013 at 06:15:48PM +0000, Stuart Henderson wrote:
> I've had one test report so far, has anyone else tested this?
> 
> > Update notes (also repeated in the diff file):
> > 
> > cd /usr/sbin && rm nsd-notify nsd-patch nsd-xfer nsd-zonec nsdc
> > cd /usr/share/man/man8 && rm nsd-notify.8 nsd-patch.8 nsd-xfer.8 nsd-zonec.8 nsdc.8
> > chown _nsd /var/nsd/db/nsd.db
> > install -o _nsd -g _nsd -d 750 /var/nsd/run/xfr
> > mv /etc/nsd.conf to /var/nsd/etc/nsd.conf
> > - needed to support reloads while in chroot
> > printf '\nremote-control:\n\tcontrol-enable: yes\n' >> /var/nsd/etc.nsd.conf
> > 
> > $EDITOR /var/nsd/etc/nsd.conf
> > - if you have "include" lines, edit them to specify the *full* path e.g.
> > "include /var/nsd/etc/nsd.local" - nsd strips the chroot prefix as needed
> > 
> > - remove any old cronjobs that run "nsdc patch", this is no longer needed
> > 
> > N.B. NSD now uses mmap() to access its database. From what I have read
> > so far access is done just via the mmap rather than a mixture of that
> > and write(), but I may have missed something, more eyes on this would
> > be very welcome.
> > 
> 

I have been testing this on sparc64 (though I notice now that I built a
complete userland via "make build" instead of the specific make options
above. Sorry if this messes with something.)

Some things i ran into:

There is a typo on the printf-line above: s,etc\.nsd.conf,etc/nsd.conf,
And while nitpicking, maybe the "to" in the mv line should be removed for
easy copy-pasting.

I needed to create a /var/nsd/etc directory (perms based on
/var/named/etc/):
# install -o root -g _nsd -d -m 750 /var/nsd/etc

(Is it possible that the /var/nsd/run/xfr creation above misses a
"-m")?

I also believe you need some wider permissions on the /var/nsd/db/
directory in order to use the nsd-control addzone/delzone stuff. I added
a pattern to the config:

---
pattern:
        name: "slave"
        zonefile: "slave/%s.zone"
---

... and played around with:
# nsd-control addzone example.com slave
# nsd-control delzone example.com

... which caused errors like the following:
Nov 25 18:49:58 crash nsd[21185]: could not create zone list /db/zone.list: Permission denied
Nov 25 18:49:58 crash nsd[21185]: zone example.com could not be added
Nov 25 18:52:10 crash nsd[21185]: could not open /db/zone.list~: Permission denied
Nov 25 18:57:12 crash nsd[21185]: could not open /db/zone.list~: Permission denied

I solved this personally with:
# chown _nsd:wheel /var/nsd/db/

Wanting to write out the dynamically added zone also needs
permissions (in my example config) for zones/slave/:
# nsd-control write
Nov 25 19:55:40 crash nsd[19519]: cannot write zone example.com file slave/example.com.zone~: Permission denied

I solved that with (again based on my personal config):
# chown _nsd /var/nsd/zones/slave

I have not tested this a lot, but at least dig @127.0.0.1 works for the
example.com zone.

Just thought I should throw this info out there, I think it is great you
are doing the work to get NSD 4 in base. Thanks a lot :).

Regards,
Patrik Lundin
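
Added example, not part of the original message or of NSD: a POSIX sh
pre-flight check for the "Permission denied" errors reported above. It reads
the mode bits from "ls -ldn" and reports whether a given uid/gid could create
files in db/, run/xfr and zones/slave under the chroot. The function names are
hypothetical, zones/slave comes from the poster's personal config, and ACLs
and supplementary groups are ignored.

```sh
#!/bin/sh
# Added example (hypothetical helper names; not from NSD or the thread).

# can_write DIR UID GID
# Returns 0 if a process running as UID:GID could create files in DIR, going
# only by the owner/group/other mode bits; 1 if not; 2 if DIR cannot be listed.
# Assumption: ACLs and supplementary groups are not considered.
can_write() {
    cw_uid=$2 cw_gid=$3
    cw_line=$(ls -ldn "$1" 2>/dev/null) || return 2
    # ls -ldn fields: mode links uid gid ...; set -f stops glob expansion
    set -f; set -- $cw_line; set +f
    [ $# -ge 4 ] || return 2
    # Unix applies exactly one permission class: owner, else group, else other.
    if [ "$cw_uid" = "$3" ]; then cw_pat='d?w[xs]*'
    elif [ "$cw_gid" = "$4" ]; then cw_pat='d????w[xs]*'
    else cw_pat='d???????w[xt]*'
    fi
    # Creating a file in a directory needs both the write and search (x) bits.
    case $1 in $cw_pat) return 0 ;; *) return 1 ;; esac
}

# check_nsd_dirs ROOT UID GID
# Checks the directories named in the thread below ROOT (the chroot, e.g.
# /var/nsd). Prints one line per directory the daemon could not write to and
# returns non-zero if there was any.
check_nsd_dirs() {
    nd_root=$1 nd_uid=$2 nd_gid=$3 nd_rc=0
    for nd_rel in db run/xfr zones/slave; do
        if ! can_write "$nd_root/$nd_rel" "$nd_uid" "$nd_gid"; then
            echo "NOT WRITABLE by $nd_uid:$nd_gid: $nd_root/$nd_rel"
            nd_rc=1
        fi
    done
    return $nd_rc
}

# On the system from the thread this would be called as:
#   check_nsd_dirs /var/nsd "$(id -u _nsd)" "$(id -g _nsd)"
```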
