NSD 4 is under development. The plan is to improve NSD 3 with a number of new features. The main goals are:
- More dynamic configuration support
- High number of zones supported
- It stays the lean and mean, typical secondary authoritative DNS server that you know it for.
To do this, the implementation includes the following features (available today, from development snapshots):
- patterns – config file structures that macro-ize the configuration of different zones, so you do not have to repeat configuration for many zones.
- nsd-control – basically a copy of our BSD-licensed unbound product’s unbound-control, it connects over SSL to the daemon and you can then tell it new configuration without a restart. Add and remove zones, and other commands.
- changes to the database, both in memory and on disk to accommodate the goals. This includes incremental NSEC3 precompilation which speeds up the change of very large zones.
- nsdc and zonec gone. the cronjob is gone – scratch files are kept in /tmp and deleted when no longer needed.
The patterns are a collection of zone options with a name. When you add new zones you can specify the options for the zone with the name of the pattern to apply. It is possible to use included-patterns to create shorthands for options shared by (many) other patterns. In this way you can easily specify the patterns for a large number of zones, and change options for all of them at once.
The zone compiler is part of NSD now, and is forked to read a zone file when needed. The modification times of the file system are used to read changed zone files (on the SIGHUP signal and the reload command). The database on disk is edited in-place, so that no restart is needed.
Further features are worked on to finish the implementation of NSD4.