On Mon, Nov 25, 2013 at 06:15:48PM +0000, Stuart Henderson wrote:
> I've had one test report so far, has anyone else tested this?
>
> > Update notes (also repeated in the diff file):
> >
> > cd /usr/sbin && rm nsd-notify nsd-patch nsd-xfer nsd-zonec nsdc
> > cd /usr/share/man/man8 && rm nsd-notify.8 nsd-patch.8 nsd-xfer.8
> >   nsd-zonec.8 nsdc.8
> > chown _nsd /var/nsd/db/nsd.db
> > install -o _nsd -g _nsd -d 750 /var/nsd/run/xfr
> > mv /etc/nsd.conf to /var/nsd/etc/nsd.conf
> >  - needed to support reloads while in chroot
> > printf '\nremote-control:\n\tcontrol-enable: yes\n' >> /var/nsd/etc.nsd.conf
> >
> > $EDITOR /var/nsd/etc/nsd.conf
> >  - if you have "include" lines, edit them to specify the *full* path e.g.
> >  "include /var/nsd/etc/nsd.local" - nsd strips the chroot prefix as needed
> >
> >  - remove any old cronjobs that run "nsdc patch", this is no longer needed
> >
> > N.B. NSD now uses mmap() to access its database. From what I have read
> > so far access is done just via the mmap rather than a mixture of that
> > and write(), but I may have missed something, more eyes on this would
> > be very welcome.
> >
>
I have been testing this on sparc64 (though I notice now that I built a
complete userland via "make build" instead of the specific make options
above. Sorry if this messes with something.)

Some things I ran into:

There is a typo on the printf-line above:
s,etc\.nsd.conf,etc/nsd.conf,

And while nitpicking, maybe the "to" in the mv line should be removed for
easy copy-pasting.

I needed to create a /var/nsd/etc directory (perms based on
/var/named/etc/):
# install -o root -g _nsd -d -m 750 /var/nsd/etc

(Is it possible that the /var/nsd/run/xfr creation above misses a "-m")?

I also believe you need some wider permissions on the /var/nsd/db/
directory in order to use the nsd-control addzone/delzone stuff.

I added a pattern to the config:
---
pattern:
	name: "slave"
	zonefile: "slave/%s.zone"
---

... and played around with:
# nsd-control addzone example.com slave
# nsd-control delzone example.com

... which caused errors like the following:
Nov 25 18:49:58 crash nsd[21185]: could not create zone list /db/zone.list: Permission denied
Nov 25 18:49:58 crash nsd[21185]: zone example.com could not be added
Nov 25 18:52:10 crash nsd[21185]: could not open /db/zone.list~: Permission denied
Nov 25 18:57:12 crash nsd[21185]: could not open /db/zone.list~: Permission denied

I solved this personally with:
# chown _nsd:wheel /var/nsd/db/

Wanting to write out the dynamically added zone also needs permissions (in
my example config) for zones/slave/:
# nsd-control write
Nov 25 19:55:40 crash nsd[19519]: cannot write zone example.com file slave/example.com.zone~: Permission denied

I solved that with (again based on my personal config):
# chown _nsd /var/nsd/zones/slave

I have not tested this a lot, but at least dig @127.0.0.1 works for the
example.com zone.

Just thought I should throw this info out there, I think it is great you
are doing the work to get NSD 4 in base. Thanks a lot :).

Regards,
Patrik Lundin
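
The "Permission denied" lines in the report above all come from nsd, running unprivileged inside its chroot, trying to create or rename files (zone.list~, example.com.zone~) in a directory it cannot write to. The following is an added example, not part of the original message or of NSD: a POSIX sh pre-flight check that reads a directory's owner, group and mode and says whether a given uid/gid could create files there. The function name, the scratch tree and the primary-group-only simplification are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original message or from NSD).
# can_write_dir DIR UID GID
#   0 = UID can create and rename files in DIR, 1 = it cannot, 2 = DIR is missing.
# Simplification: only the owner, the one GID given and "other" are considered;
# supplementary groups and ACLs are ignored.
can_write_dir() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || return 2
    [ "$uid" = 0 ] && return 0          # root bypasses the mode bits
    info=$(ls -ldn "$dir") || return 2  # e.g. "drwxr-x--- 2 0 97 512 ..."
    set -f; set -- $info; set +f
    mode=$1 owner=$3 group=$4
    # Pick the permission triplet that applies, then require write AND search.
    if [ "$owner" = "$uid" ]; then pat='??w[xs]*'
    elif [ "$group" = "$gid" ]; then pat='?????w[xs]*'
    else pat='????????w[xt]*'
    fi
    case $mode in
        $pat) return 0 ;;
        *)    return 1 ;;
    esac
}

# Constructed demo: a scratch tree standing in for /var/nsd, checked for the
# current user. On a real system pass the _nsd uid/gid and the /var/nsd paths.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/db" "$root/zones/slave"
    chmod 550 "$root/db"                # like a db/ that nsd cannot write to
    for d in db zones/slave; do
        if can_write_dir "$root/$d" "$(id -u)" "$(id -g)"
        then echo "writable  $d"
        else echo "DENIED    $d"
        fi
    done
    rm -rf "$root"
}
demo
```

Because the check reads the mode bits rather than attempting a write, it can be run as root before the daemon is started.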