Bugzilla – Bug 615
NSD fails to write slave zone files
Last modified: 2014-10-10 15:59:55 CEST
NSD 4.1.0 on FreeBSD amd64
The following options in nsd.conf
Zones are successfully xfr'd from master server and served out of the NSD process on the slave server, but zone files are never written to disk, even with a valid path. No warnings or errors in the log from NSD.
Workaround: use database
Did you configure zonefile: "example.com.zone" statements for the slave zones? With zonefile: "" the files are not written at all.
I assume you waited 3600 seconds (an hour), and nsd did not write them.
If you pass nsd-control write, or nsd-control write example.com, is the zone then written to disk (with your zone name for example.com)?
Yes. The zonefile *is* specified in the configuration.
There is no zonefile written after the initial xfer and no zonefile after hours.
I did try "nsd-control write" and that did not work.
I did NOT try "nsd-control write example.org" implicitly for the domain, I just assumed that would not work either.
That looks like a bug, does nsd-control write example.com zone specified work? I guess not because it uses the same code.
For me, this works, i.e. the zone is written to zonefile when the timer expires.
So what is causing this? Can you reproduce this (e.g. use zonefiles-write: 10 seconds or so to test quickly)?
It may also help to increase the verbosity level (e.g. -V 2 or verbosity: 2); perhaps it prints more to the log. The default verbosity 0 prints very little, 1 prints more information and 2 is fairly verbose.
Best regards, Wouter
Specifying the domain did not work.
I'm wondering if it's just failing to write the zone files? Will NSD create the sub-directory when saving slave zones or is that a manual process? Regardless there is no error if it can't be written.
If it won't create subdir paths under the zone directory that may be part of the problem.
It should create subdir paths and report errors in syslog ...
I will try verbosity when I get a chance and update.
If your pattern std_zone has zonefile: "" set this will override the zonefile you set in the line above it. That would explain why it is not writing them?
Yes, verbosity log could be useful. Otherwise if that fails let me know and we can try to get more logs some other way.
And you can check this with nsd-checkconf -v [configfile] and see what the zonefile: statement for that zone is.
I do not specify a zonefile in the pattern, and it looks ok in the checkconf. Virtually all domains look the same:
allow-notify: 172.31.1.1 foo
request-xfr: AXFR 172.31.1.1 foo
They do xfer OK and they're served from memory, I just never see zonefiles written. I will try turning up the verbosity a bit. I would think if it failed to create/write the zonefile that would be something in the error log/syslog.
Yes, that config looks fine. In the code, it sets a flag after the zone transfer (is_changed = 1), then when the timer expires, it checks that flag, creates path components and writes the zone. On errors it logs an error to syslog (NSD does manage to log other stuff, such as startup? Is your logging failing, and thus we cannot see the failure?). It logs for path components, write calls.
It writes to zonefilename~ and then renames it to zonefilename.
Is it the case that the directory that NSD runs in (chroot?) is not owned by username nsd, and it cannot create the initial directory zones? It logs such permission denied failures, but perhaps logging fails too somehow (syslogd sometimes filters on daemon name and if you misconfig that everything is dropped).
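The write sequence described in the comments above (create the path components, write to zonefilename~, rename to zonefilename, report every failure), as an added sketch that is not part of the original report and is not NSD's own code. The function names, the 0750 directory mode, the sample path and the use of stderr in place of syslog are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create each directory component before the file name; returns 0 or errno. */
static int create_path_components(const char *path)
{
    char buf[1024], *p;
    if (strlen(path) >= sizeof(buf)) return ENAMETOOLONG;
    strcpy(buf, path);
    for (p = buf; *p; p++) {
        if (*p != '/' || p == buf) continue;
        *p = '\0';
        if (mkdir(buf, 0750) == -1 && errno != EEXIST) return errno;
        *p = '/';
    }
    return 0;
}

/* Write data to "<path>~" and rename it to path. Returns 0 or an errno
 * value; each failure is reported (stderr stands in for syslog here). */
int write_zonefile(const char *path, const char *data)
{
    char tmp[1026]; FILE *out;
    int err = create_path_components(path);
    if (err == 0) {
        snprintf(tmp, sizeof(tmp), "%s~", path);
        if ((out = fopen(tmp, "w")) == NULL) {
            err = errno;
        } else {
            if (fputs(data, out) == EOF) err = EIO;
            if (fclose(out) == EOF && err == 0) err = errno;
            if (err == 0 && rename(tmp, path) == -1) err = errno;
            if (err != 0) unlink(tmp); /* leave no partial file behind */
        }
    }
    if (err != 0)
        fprintf(stderr, "cannot write zone file %s: %s\n", path, strerror(err));
    return err;
}

int main(void)
{
    /* Constructed path and data; function names are illustrative, not NSD's. */
    return write_zonefile("/tmp/nsd-example/zones/example.com.zone",
                          "example.com. 3600 IN A 192.0.2.1\n") != 0;
}
```

Running it as the same unprivileged user and against the same zone directory as the daemon shows which step fails, independently of whether syslog delivers the daemon's own messages.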