On 2025 Sep 03 (Wed) at 20:49:06 +0100 (+0100), Stuart Henderson wrote:
:On 2025/09/03 14:59, Stuart Henderson wrote:
:> Looking at updating NSD - I've polished up an old diff I had, taking
:> us to NSD 4.11.0.
:> 
:> I'll look at updating again afterwards, but there have been enough
:> changes in 4.11.0 that I'd like to do that as a separate stage (not
:> least to simplify the CVS-wrangling).
:
:Turns out that was a good move because a bunch of merging was required
:in Makefile.in.
:
:More churn for things that are very unlikely to be relevant to us.
:
:Built on amd64 aarch64. Only very lightly tested so far.
:
:(We could also move nsd to ports if people are starting to get uneasy
:about keeping it in base. But, if it is in base, I'd like not to diverge
:much further from upstream, it is already a pain fiddling with compat
:and b64top parts).
:
:Not touched yet:
:
:- Disable TLSv1.2 if TLSv1.3 is available.
:I plan to undo that change
:
:- Change default for send-buffer-size to 4m
:Possibly needs checking as 4m seems fairly large for us;
:
:   send-buffer-size: <number>
:          Set the send buffer size for query-servicing sockets.  Set to 0 to
:          use the default settings.  It needs some space to be able to deal
:          with packets that wait for local address resolution, from like ARP
:          and NDP discovery, before they are sent out, hence it is elevated
:          above the system default by default.  The default is 4194304 bytes
:          (4m).
:

Sucessfully tested on my test systems (arm64, amd64, riscv64, octeon),
and production (amd64 no IBT) auth dns servers.  same configs as the
4.11.0 tests.

-peter


-- 
I have made this letter longer than usual
because I lack the time to make it shorter.
		-- Blaise Pascal