NSD4 Features



By Wouter Wijngaards

NSD 4 is under development. The plan is to improve NSD 3 with a number of new features. The main goals are:

  • More dynamic configuration support
  • Support for a high number of zones
  • Staying the lean and mean, typical secondary authoritative DNS server that you know it as.

To do this, the implementation includes the following features (available today, from development snapshots):

  • patterns — config file structures that macro-ize the configuration of different zones, so you do not have to repeat configuration for many zones.
  • nsd-control — basically a copy of unbound-control from our BSD-licensed Unbound product. It connects over SSL to the daemon, and you can then give it new configuration without a restart: add and remove zones, and other commands.
  • changes to the database, both in memory and on disk, to accommodate the goals. This includes incremental NSEC3 precompilation, which speeds up changes to very large zones.
  • nsdc and zonec are gone. The cronjob is gone as well — scratch files are kept in /tmp and deleted when no longer needed.

The patterns are a collection of zone options with a name. When you add new zones you can specify the options for the zone with the name of the pattern to apply. It is possible to use included-patterns to create shorthands for options shared by (many) other patterns. In this way you can easily specify the patterns for a large number of zones, and change options for all of them at once.
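An added illustration of patterns and nsd-control working together (not taken from the original post or from the NSD distribution). The option and command names follow the nsd.conf and nsd-control of released NSD 4 and may differ in a development snapshot; the addresses, paths, key name and pattern names are constructed placeholders.

```conf
# nsd.conf fragment (constructed example; all values are placeholders)

remote-control:
    control-enable: yes
    # Keep the control channel on loopback so that only local
    # administrators can reach it.
    control-interface: 127.0.0.1
    control-port: 8952
    # Key and certificate pairs as generated by nsd-control-setup;
    # both sides authenticate each other with them.
    server-key-file: "/etc/nsd/nsd_server.key"
    server-cert-file: "/etc/nsd/nsd_server.pem"
    control-key-file: "/etc/nsd/nsd_control.key"
    control-cert-file: "/etc/nsd/nsd_control.pem"

key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "<BASE64-TSIG-SECRET-PLACEHOLDER>"

# Shorthand pattern: transfer ACLs shared by many other patterns.
pattern:
    name: "primary-acl"
    allow-notify: 192.0.2.1 xfr-key
    request-xfr: 192.0.2.1 xfr-key

# Pattern applied to zones; it pulls in the shared ACLs above.
# %s is replaced with the zone name.
pattern:
    name: "secondary"
    include-pattern: "primary-acl"
    zonefile: "secondary/%s.zone"

# With the daemon running, zones are added and removed without a
# restart, naming the pattern that supplies their options:
#   nsd-control addzone example.com secondary
#   nsd-control delzone example.com
```

Changing the primary's address or the TSIG key in "primary-acl" changes it for every zone added with a pattern that includes it.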

The zone compiler is part of NSD now, and is forked to read a zone file when needed. File modification times from the file system are used to decide which changed zone files to read (on the SIGHUP signal and the reload command). The database on disk is edited in place, so that no restart is needed.

Further features are being worked on to finish the implementation of NSD 4.

