nsd-control(8)                     nsd 4.1.24                     nsd-control(8)

       nsd-control, nsd-control-setup - NSD remote server control utility.

       nsd-control [-c cfgfile] [-s server] command

       nsd-control performs remote administration on the nsd(8) DNS server.
       It reads the configuration file, contacts the nsd server over SSL,
       sends the command and displays the result.

       The available options are:

       -h     Show the version and commandline option help.

       -c cfgfile
              The config file to read with settings. If not given the default
              config file /etc/nsd/nsd.conf is used.

       -s server[@port]
              IPv4 or IPv6 address of the server to contact. If not given,
              the address is read from the config file.

       There are several commands that the server understands.

       start  Start the server. Simply execs nsd(8). The nsd executable is
              searched for in the PATH set in the environment. It is started
              with the config file specified using -c or the default config
              file.

       stop   Stop the server. The server daemon exits.

       reload [<zone>]
              Reload zonefiles and reopen logfile. Without argument reads
              changed zonefiles. With argument reads the zonefile for the
              given zone and loads it.

       reconfig
              Reload nsd.conf and apply changes to TSIG keys and configuration
              patterns, and apply the changes to add and remove zones that are
              mentioned in the config. Other changes are not applied, such as
              listening ip address and port and chroot. The pattern updates
              mean that the configuration options for zones (request-xfr,
              zonefile, notify, ...) are updated. Also new patterns are
              available for use with the addzone command.

       repattern
              Same as the reconfig option.

       log_reopen
              Reopen the logfile, for log rotate that wants to move the
              logfile away and create a new logfile. The log can also be
              reopened with kill -HUP (which also reloads all zonefiles).

       status Display server status. Exit code 3 if not running (the
              connection to the port is refused), 1 on error, 0 if running.

       stats  Output a sequence of name=value lines with statistics
              information. Requires NSD to be compiled with this option
              enabled.

       stats_noreset
              Same as stats, but does not zero the counters.

       addzone <zone name> <pattern name>
              Add a new zone to the running server. The zone is added to the
              zonelist file on disk, so it stays after a restart. The pattern
              name determines the options for the new zone. For slave zones a
              zone transfer is immediately attempted. For zones with a
              zonefile, the zone file is attempted to be read in.

       delzone <zone name>
              Remove the zone from the running server. The zone is removed
              from the zonelist file on disk, from the nsd.db file and from
              the memory. If it had a zonefile, this remains (but may be
              outdated). Zones configured inside nsd.conf itself cannot be
              removed this way because the daemon does not write to the
              nsd.conf file; you need to add such zones to the zonelist file
              to be able to delete them with the delzone command.

       addzones
              Add zones read from stdin of nsd-control. Input is read per
              line, with name space patternname on a line. For bulk
              additions.

       delzones
              Remove zones read from stdin of nsd-control. Input is one name
              per line. For bulk removals.

       write [<zone>]
              Write zonefiles to disk, or the given zonefile to disk. Zones
              that have changed (via AXFR or IXFR) are written, or if the
              zonefile has not been created yet then it is created. Directory
              components of the zonefile path are created if necessary.

       notify [<zone>]
              Send NOTIFY messages to slave servers. Sends to the IP
              addresses configured in the 'notify:' lists for the master zones
              hosted on this server. Usually NSD sends NOTIFY messages right
              away when a master zone serial is updated. If a zone is given,
              notifies are sent for that zone. These slave servers are
              supposed to initiate a zone transfer request later (to this
              server or another master); this can be allowed via the
              'provide-xfr:' acl list configuration.

       transfer [<zone>]
              Attempt to update slave zones that are hosted on this server by
              contacting the masters. The masters are configured via
              'request-xfr:' lists. If a zone is given, that zone is updated.
              Usually NSD receives a NOTIFY from the masters (configured via
              'allow-notify:' acl list) that a new zone serial has to be
              transferred. For zones with no content, NSD may have backed off
              from asking often because the masters did not respond, but this
              command will reset the backoff to its initial timeout, for
              frequent retries.

       force_transfer [<zone>]
              Force update slave zones that are hosted on this server. Even
              if the master hosts the same serial number of the zone, a full
              AXFR is performed to fetch it. If you want to use IXFR and
              check that the serial number increases, use the 'transfer'
              command.

       zonestatus [<zone>]
              Print state of the zone, the serial numbers and since when they
              have been acquired. Also prints the notify action (to which
              server), and zone transfer (and from which master) if there is
              activity right now. The state of the zone is printed as:
              'master' (master zones), 'ok' (slave zone is up-to-date),
              'expired' (slave zone has expired), 'refreshing' (slave zone has
              transfers active). The serial numbers printed are the
              'served-serial' (currently active), the 'commit-serial' (is in
              reload), the 'notified-serial' (got notify, busy fetching the
              data). The serial numbers are only printed if such a serial
              number is available.

       serverpid
              Prints the PID of the server process. This is used for
              statistics (and only works when NSD is compiled with statistics
              enabled). This pid is not for sending unix signals; use the pid
              from nsd.pid for that. That pid is also stable.

       verbosity <number>
              Change logging verbosity.

       The nsd-control program exits with status code 1 on error, 0 on
       success.

       The setup requires a self-signed certificate and private keys for both
       the server and client. The script nsd-control-setup generates these in
       the default run directory, or with -d in another directory. If you
       change the access control permissions on the key files you can decide
       who can use nsd-control, by default owner and group but not all users.
       The script preserves private keys present in the directory. After
       running the script as root, turn on control-enable in nsd.conf.
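
       Because file permissions on the key material decide who can use
       nsd-control, the following added example (not part of the NSD
       distribution) audits them. The function name audit_nsd_control_keys is
       hypothetical; the policy it checks (no access for "other" on private
       keys, no write access for "other" on certificates) is an assumption
       based on the default described above.

```shell
# Added example: audit nsd-control key material for access by "other".
# File names and the /etc/nsd default come from this manual page;
# audit_nsd_control_keys is a hypothetical helper, not an NSD tool.
audit_nsd_control_keys() {
    dir=${1:-/etc/nsd}
    findings=0
    for f in nsd_server.key nsd_control.key nsd_server.pem nsd_control.pem; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            findings=$((findings + 1))
            continue
        fi
        # Mode string such as -rw-r-----; -L follows symlinks to the real file.
        mode=$(ls -ldL "$path" | cut -c1-10)
        other=$(printf '%s' "$mode" | cut -c8-10)
        case "$f" in
            *.key)
                # Private keys: "other" must have no access at all.
                if [ "$other" != "---" ]; then
                    echo "EXPOSED  $path ($mode)"
                    findings=$((findings + 1))
                fi ;;
            *.pem)
                # Certificates may be readable, but not writable by "other".
                case "$other" in
                    ?w?) echo "WRITABLE $path ($mode)"
                         findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    # Return 0 only when nothing was reported.
    [ "$findings" -eq 0 ]
}
```

       Run it as audit_nsd_control_keys /etc/nsd (or the directory given to
       nsd-control-setup with -d); a non-zero return means at least one
       finding was printed.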

       The stats command shows a number of statistic counters.

       num.queries
              number of queries received (the tcp and udp queries added up).

       serverX.queries
              number of queries handled by the server process. The number of
              server processes is set with the config statement server-count.

       time.boot
              uptime in seconds since the server was started. With fractional
              seconds.

       time.elapsed
              time since the last stats report, in seconds. With fractional
              seconds. Can be zero if polled quickly and the previous stats
              command resets the counters, so that the next command gets a
              report with all counters at zero and zero elapsed time.

       size.db.disk
              size of nsd.db on disk, in bytes.

       size.db.mem
              size of the DNS database in memory, in bytes.

       size.xfrd.mem
              size of memory for zone transfers and notifies in xfrd process,
              excludes TSIG data, in bytes.

       size.config.disk
              size of zonelist file on disk, excludes the nsd.conf size, in
              bytes.

       size.config.mem
              size of config data in memory, kept twice in server and xfrd
              process, in bytes.

       num.type.X
              number of queries with this query type.

       num.opcode.X
              number of queries with this opcode.

       num.class.X
              number of queries with this query class.

       num.rcode.X
              number of answers that carried this return code.

       num.edns
              number of queries with EDNS OPT.

       num.ednserr
              number of queries which failed EDNS parse.

       num.udp
              number of queries over UDP ip4.

       num.udp6
              number of queries over UDP ip6.

       num.tcp
              number of connections over TCP ip4.

       num.tcp6
              number of connections over TCP ip6.

       num.answer_wo_aa
              number of answers with NOERROR rcode and without AA flag, this
              includes the referrals.

       num.rxerr
              number of queries for which the receive failed.

       num.txerr
              number of answers for which the transmit failed.

       num.raxfr
              number of AXFR requests from clients (that got served with
              reply).

       num.truncated
              number of answers with TC flag set.

       num.dropped
              number of queries that were dropped because they failed sanity
              check.

       zone.master
              number of master zones served. These are zones with no
              'request-xfr:' entries.

       zone.slave
              number of slave zones served. These are zones with
              'request-xfr' entries.
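
       The name=value output lends itself to simple monitoring. The following
       added example (not part of the NSD distribution) reduces it to a few
       figures an operator would watch and handles the zero time.elapsed case
       described above. The function names and the sample values are
       constructed for illustration.

```shell
# Added example: summarize the name=value lines printed by the stats command.
# sample_stats and summarize_nsd_stats are hypothetical helper names.

# Constructed sample input using counter names from this manual page.
sample_stats() {
cat <<'EOF'
num.queries=1200
time.boot=86400.120000
time.elapsed=60.000000
num.raxfr=2
num.dropped=30
num.rxerr=0
num.txerr=1
num.truncated=12
EOF
}

# Reads stats lines on stdin and prints derived values, one per line.
summarize_nsd_stats() {
    awk -F= '
        NF == 2 { v[$1] = $2 }          # keep only well-formed name=value lines
        END {
            q = v["num.queries"] + 0
            t = v["time.elapsed"] + 0
            # time.elapsed can be zero when polled right after a reset.
            if (t > 0) printf "qps=%.2f\n", q / t
            else       print  "qps=n/a"
            # Dropped queries per 100 received queries.
            if (q > 0) printf "dropped_pct=%.2f\n", 100 * v["num.dropped"] / q
            else       print  "dropped_pct=n/a"
            # AXFR requests from clients that were answered.
            printf "axfr_served=%d\n", v["num.raxfr"]
            # Receive plus transmit failures.
            printf "io_errors=%d\n", v["num.rxerr"] + v["num.txerr"]
        }'
}
```

       On a live server the input would come from a pipe such as
       nsd-control stats_noreset | summarize_nsd_stats.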

       /etc/nsd/nsd.conf
              nsd configuration file.

       /etc/nsd
              directory with private keys (nsd_server.key and nsd_control.key)
              and self-signed certificates (nsd_server.pem and
              nsd_control.pem).

       nsd.conf(5), nsd(8), nsd-checkconf(8)

NLnet Labs                        Aug 13, 2018                    nsd-control(8)