Created attachment 268401 [details] patch to upgrade The previous release promised reduced memory footprint from refactored RDATA storage (and it did for the vast majority of cases), but just after the release, we received a report that NSD was consuming more memory for specific kind of zones (with RRsets consisting of many RRs). This release has that addressed so that NSD now consumes less memory in all cases and circumstances. A blog post highlighting these memory reductions is available at: https://blog.nlnetlabs.nl/smaller-faster-nsds-refactored-rdata-storage-and-compile-time-memory-reduction-options/ 4.14.1 ================ FEATURES: - Merge #469 from jschlyter: Add container build files BUG FIXES: - Fix to note DSYNC RFC9859 reference. - Fix to note reference for NXNAME in comment. - Merge #470 from jschlyter: Update path to default container configuration and entrypoint - Fix rr-test.tdir so AMTRELAY relay field is "." with type 0 - Fix checkconf.tdir test to anticipate default values for send-buffer-size and receive-buffer-size when configured with 0 - skip dns-cookies.tdir test with restricted unpriviledged userns - Fix #474: metrics output with zone statistics to change disallowed characters in metric names to underscores. - Fix that non normalized NSEC next owner names are preserved. - Fix to preserve case in literal dnames in RR types RRSIG, IPSECKEY, TALINK, DSYNC and AMTRELAY. - Fix for #474: Fix metrics name for zone statistics for the queries_total to have disallowed characters changed to underscores. - Fix to silence restricted userns check in test script. - Fix #475 info: axfr for domain from not-verified. - Fix metrics to clear server variable after close and log error on allocation failure. - Fix to escape slashes when they appear in the zone name for a pattern zonefile that is created. Also for per zone statistics. - Merge #472: Reduce memory usage with zones with RRsets consisting of many RRs. - Fix man page for ip-address, add text about process numbers, bindtodevice and setfib. - Fix systemd signalling so that it does not reload for too long. The reload is not signalled to systemd, so that long operations can complete, without systemd acting on a timer to stop them.
Fix build with non-default USER/GROUP: .if ${NSDUSER} == nsd USERS= ${NSDUSER} .endif .if ${NSDGROUP} == nsd GROUPS= ${NSDGROUP} .endif
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2245ad53ac922ccb6b52b5a55bfa2fab09861bfb commit 2245ad53ac922ccb6b52b5a55bfa2fab09861bfb Author: Jaap Akkerhuis <jaap@NLnetLabs.nl> AuthorDate: 2026-02-28 17:12:29 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2026-02-28 17:21:22 +0000 dns/nsd: Update 4.14.0 => 4.14.1 Release Notes: https://www.nlnetlabs.nl/news/2026/Feb/24/nsd-4.14.1-released/ Fix build with non-default USER/GROUP. PR: 293488 dns/nsd/Makefile | 6 +++++- dns/nsd/distinfo | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-)
Thanks.