nsd
The NLnet Labs Name Server Daemon (NSD) is an authoritative, RFC compliant DNS nameserver.
This section still refers to master/slave: https://github.com/NLnetLabs/nsd/blob/c888d317b9b959fbb8613758550e5c93282a19f5/nsd.conf.5.in#L942 Solution: Change to primary/secondary
The XoT specification [requires](https://www.rfc-editor.org/rfc/rfc9103.html#name-connection-establishment) `dot` ALPN token to be negotiated for zone transfers: > 7.1. Connection Establishment > During connection establishment, the Application-Layer Protocol Negotiation (ALPN) token "dot" [DoT-ALPN] MUST...
The nsd.conf man page says that the default location of the cookie secret file is /etc/nsd/nsd_cookiesecrets.txt. However, if one tries to add a cookie using nsd-control, this is what happens:...
Unbound supports making TLS/certificate optional for the remote control facility using `control-use-cert`. This is handy when listening on localhost. Same would be useful with NSD.
NSD serves RRsets with differing TTLs in them which, according to [RFC 2181, section 5.2](https://datatracker.ietf.org/doc/html/rfc2181#section-5.2) is not permitted: > In no case may a server send an RRSet with TTLs...
chroot
Hello, I have a problem with both nsd and unbound and I need direction on how to solve it. I need to respect standards, namely write the variable data under...
*** FOR REVIEW ONLY AT THIS TIME*** * Part of the work to prototype draft-ietf-dprive-xfr-over-tls * Adds 2 new parameters: `xfrd-conn-reuse` (default no) and `tcp-idle-timeout` (default 10) * If `xfrd-conn-reuse:...
Useful references: - The draft: https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-03.html - HOWTO add new RR types in NSD: https://blog.nlnetlabs.nl/howto--add-new-rrtypes-to-nsd/ - HOWTO add new rdata types in NSD: https://lists.nlnetlabs.nl/pipermail/nsd-users/2012-July/001480.html - Example SVCB implementation in ldns:...
Hi, While fuzzing nsd-checkzone in NSD 4.2.4 (and git nightly build (revision: a1879fb4363cb0ad1fa85ef9a11499c7e3d95540)), I found a buffer overflow in the dname_to_string() function, in dname.c. Attaching a reproducer (zipped so GitHub...
Since there are more DNS amplification attacks nowadays, is there a way to drop all queries that are not hosted? nsd is an authoritative DNS name server, I do not want people...