Bug 193332

Summary: dns/nsd: upgrade to 4.1.0
Product: Ports & Packages
Reporter: Jaap Akkerhuis <jaap>
Component: Individual Port(s)
Assignee: Erwin Lansing <erwin>
Status: Closed FIXED
Severity: Affects Many People
CC: erwin
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments:
- patch to upgrade (flags: none)
- Improved patch (flags: none)

Description Jaap Akkerhuis 2014-09-04 21:27:52 UTC
Created attachment 146836 [details]
patch to upgrade

Upgrade to version 4.1.0

Note to committer(s):
The daemon used to run as bind:bind. I would like to have a separate uid & gid for it so propose to add to the UIDs file:

nsd:*:216:216::0:0:Opendnssec Pseudo User:/nonexistent:/usr/sbin/nologin

and to the GIDs file:

nsd:*:216:

Thanks!

        jaap

++++++
Release notes from Wouter:

This release has new features and bugfixes.  In nsd.conf you can
configure database: "" this makes NSD not use the large mmapped nsd.db
file, but instead read and write the zonefiles in text format, which
saves about 50% of the memory usage.  Also zonefile reading and
writing has been optimised to be faster, as well as processing time
for zone transfers.  NSD writes the (changed) zonefiles every hour.

The new nsd-checkzone tool reports if a zonefile parses so you can check
it before reading it into the daemon.

A bug is fixed where NSD 4 causes rising load average and memory
consumption on Linux systems, which is caused by a bug in Linux that
slowly deteriorates system performance by repeated recursive forks.

4.1.0
================
FEATURES:
 - database: "" starts without mmap of database.  Less memory is used,
   zones are read from text zonefile.
 - optimised zonefile parse code and zonefile write code.
 - zonefiles-write option in nsd.conf, enabled when database is "".
   The server writes changed zonefiles to disk every hour.
 - xfrdfile: "" disables xfrd.state.  If enabled, zones that are
   same as before are not checked for a serial update at server start.
 - include: "foo/nsd.d/*.conf" works, wildcard glob on includes.
 - nsd shuts down during init process if given signal.
 - log-time-ascii option, default yes, with readable timestamp in log.
 - nsd-control addzone reports if zone already exists.
 - Fix #564: add nsd-checkzone tool to check zonefile correctness.
 - Increased default --with-max-ips from 8 to 16, this increases the
   number of interfaces you can specify in nsd.conf to listen to.
BUG FIXES:
 - Fixed shutdown message sporadically not printed on exit
   (Thanks Anand Buddhdev).
 - Documented zonefile %s syntax in nsd.conf man page.
 - Fix manpage to put colon after zonefiles check and write.
 - Change from "Zone" to "zone" with ".. serial .. is updated" log
   message.
 - Changed maxbackoff for no-content secondary zones from 4h to 24h.
 - Fix print filename of encompassing config file on read failure.
 - Fix delete or rename of a lot of zones and make it take a
   non-enormous time.
 - Speed up deletion of zone contents a lot, (56s to 1s), speeds up
   delete, rename and AXFR for zones.
 - Fix #571: unused variable and incompatible pointer warnings when
   compiled on a system without INET6.
 - Fix write_socket return value check in server.c (Thanks Brad Smith,
   Mark Kettenis).
 - Fix that xfrd reaps children also if the signal is lost.
 - Fix #577: makefile incorrectly installed manpages from srcdir.
 - Fix #587: Default value for statistics is 0.
 - Fix #553: Improve TXT parsing.
 - Fix #590: rrl log does not print wildcard as a star but escaped.
 - Fix #591: rrl log messages at verbosity level 1.
 - fix strptime implicit declaration error on OpenBSD.
 - Fix -O3 compile flag to -O2 to avoid miscompilations.
 - Allow user to override the -g -O2 CFLAGS in ./configure.
 - Fix endian.h include for OpenBSD.
 - Remove .LP after .SH in man pages.
 - Fix #600: document that provide-xfr provides AXFR and not IXFR.
 - Fix rising-load-average or memory-leaks in OSes (Linux since 2.6),
   that keep track of all past process parents, or leak memory
   for them.  Fix makes it so there is no very deep string of
   process parents.
 - The nsd-checkconf man page is installed (changed from 4.1.0rc1).
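
The note to committers above proposes a dedicated nsd uid and gid so the daemon no longer shares the bind account. As an added example (not part of the original report or of the port), this shell function checks such a proposed UIDs/GIDs pair before it is committed; the function name, the checks chosen and the sample of existing UIDs lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review a proposed UIDs/GIDs pair before it is committed.

# Constructed sample standing in for lines already present in the UIDs file.
EXISTING_UIDS='bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
unbound:*:59:59::0:0:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin'

# The two lines proposed in the report above.
NSD_UID_LINE='nsd:*:216:216::0:0:Opendnssec Pseudo User:/nonexistent:/usr/sbin/nologin'
NSD_GID_LINE='nsd:*:216:'

# audit_service_account UID_LINE GID_LINE EXISTING_UID_LINES (hypothetical helper)
# Prints one finding per line; prints nothing when the entry passes.
audit_service_account() {
    printf '%s\n' "$3" | awk -F: -v entry="$1" -v grp="$2" '
        # Record every account name and uid that is already allocated.
        NF >= 3 { names[$1] = 1; uids[$3] = $1 }
        END {
            n = split(entry, f, ":")
            split(grp, g, ":")
            # master.passwd format: name:pw:uid:gid:class:change:expire:gecos:home:shell
            if (n != 10) { print "fields: expected 10, got " n; exit }
            if (f[1] in names)
                print "name: " f[1] " already exists"
            if (f[3] !~ /^[0-9]+$/ || f[3] + 0 == 0)
                print "uid: must be a non-zero number"
            else if (f[3] in uids)
                print "uid: " f[3] " already used by " uids[f[3]]
            if (f[2] != "*")
                print "password: field must be * so no password can match"
            if (f[10] !~ /\/nologin$/)
                print "shell: " f[10] " allows interactive login"
            if (g[1] != f[1])
                print "group: name " g[1] " does not match user " f[1]
            if (g[3] != f[4])
                print "group: gid " g[3] " does not match user gid " f[4]
        }'
}

findings=$(audit_service_account "$NSD_UID_LINE" "$NSD_GID_LINE" "$EXISTING_UIDS")
if [ -z "$findings" ]; then
    echo "nsd entry OK"
else
    printf '%s\n' "$findings"
fi
```

A uid collision matters here because two daemons sharing one uid can read and signal each other's files and processes, which is the situation the move away from bind:bind removes.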

Comment 1 Erwin Lansing freebsd_committer freebsd_triage 2014-09-05 08:54:40 UTC
Created attachment 146850 [details]
Improved patch

Proposed new patch:
- add nsd-checkzone to plist (only manpage was listed)
- Actually create user and group by listing USERS/GROUPS
- Strip binaries, one less warning

I'm also seeing some configure warnings:
configure: WARNING: unrecognized options: --enable-draft-rrtypes, --enable-full-prehash, --disable-enable-recvmmsg

Comment 2 Jaap Akkerhuis 2014-09-05 09:36:14 UTC
(In reply to Erwin Lansing from comment #1)

They all seem fine to me, see explanations below.
Apologies for not catching these.

        jaap

> Created attachment 146850 [details]
> Improved patch
> 
> Proposed new patch:
> - add nsd-checkzone to plist (only manpage was listed)

Ai. Silly to forget

> - Actually create user and group by listing USERS/GROUPS

Apparently was never there, fine to add it.

> - Strip binaries, one less warning

I always forget that stripping binaries is apparently a new policy

> 
> I'm also seeing some configure warnings:
> configure: WARNING: unrecognized options: --enable-draft-rrtypes,
> --enable-full-prehash, --disable-enable-recvmmsg

Some options apparently became default. You might want to remove the
corresponding lines (see below) from the Makefile or do you want yet another patch?
I tested the changes and it builds fine this way.

NSEC3PREHASH_DESC=     Full NSEC3 pre-hashing
EUI_RRTYPES_DESC=      EUI48 and EUI64 RRtypes support
RECVMMSG_DESC=         Enable use of recvmmsg and sendmmsg

NSEC3PREHASH_CONFIGURE_ENABLE= full-prehash
EUI_RRTYPES_CONFIGURE_ENABLE=  draft-rrtypes
RECVMMSG_CONFIGURE_ENABLE=     enable-recvmmsg

Comment 3 Erwin Lansing freebsd_committer freebsd_triage 2014-09-05 11:21:15 UTC
Committed, thanks!

Comment 4 commit-hook freebsd_committer freebsd_triage 2014-09-05 11:21:19 UTC
A commit references this bug:

Author: erwin
Date: Fri Sep  5 11:20:43 UTC 2014
New revision: 367332
URL: http://svnweb.freebsd.org/changeset/ports/367332

Log:
  - Update to 4.1.0
  - Use nsd instead of bind user

  This release has new features and bugfixes.  In nsd.conf you can
  configure database: "" this makes NSD not use the large mmapped nsd.db
  file, but instead read and write the zonefiles in text format, which
  saves about 50% of the memory usage.  Also zonefile reading and
  writing has been optimised to be faster, as well as processing time
  for zone transfers.  NSD writes the (changed) zonefiles every hour.

  The new nsd-checkzone tool reports if a zonefile parses so you can check
  it before reading it into the daemon.

  A bug is fixed where NSD 4 causes rising load average and memory
  consumption on Linux systems, which is caused by a bug in Linux that
  slowly deteriorates system performance by repeated recursive forks.

  Full release notes: http://open.nlnetlabs.nl/pipermail/nsd-users/2014-September/002007.html

  PR:		193332
  Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
  Sponsored by:	DK Hostmaster A/S

Changes:
  head/GIDs
  head/UIDs
  head/dns/nsd/Makefile
  head/dns/nsd/distinfo
  head/dns/nsd/pkg-plist