
Configuring NSD as SLAVE server

Check your machine configuration

Log in using SSH/Putty/… to your AUTH2 machine:

$ ssh sysadm@auth2.grpXX.dns.nsrc.org

First, check that the hostname is configured correctly on your machine, using the 'hostname' command.

e.g. on auth2.grpXX.dns.nsrc.org, if you type:

# hostname

You should see:

auth2.grpXX.dns.nsrc.org

If not, then configure your server with its name:

e.g. for auth2.grp25.dns.nsrc.org, type:

# hostname auth2.grp25.dns.nsrc.org

Remember to replace “grpXX” with the proper group number!

Edit the file /etc/rc.conf (using “vi” or “ee”, i.e.: ee /etc/rc.conf), and update the “hostname”:

hostname="auth2.grpXX.dns.nsrc.org"

In the file /etc/hosts, you should see a line:

10.10.X.2   auth2.grpXX auth2.grpXX.dns.nsrc.org

Configure the nsd server config

# cd /usr/local/etc/nsd/

Let's make a directory for slave zones to go into:

# mkdir slave
# chown nsd slave

Let's copy the default configuration file:

# cp nsd.conf.sample nsd.conf
# chmod 644 nsd.conf

Now edit the file nsd.conf, and make the following changes:

find the line:

# ip-address: 12fe::8ef0

and just below it add

ip-address: 10.10.xx.2
ip-address: fd90:10:10::XX:2
ip-address: 127.0.0.1
ip-address: ::1

find the line:

# database: "/var/db/nsd/nsd.db"

and uncomment it (remove # in front):

database: "/var/db/nsd/nsd.db"

find the line:

# identity: "unidentified server"

and change it to:

identity: "nsd 4.1.1"

find the line:

# zonesdir: "/usr/local/etc/nsd"

and change it to:

zonesdir: "/usr/local/etc/nsd"

find the line:

# verbosity: 0

and change it to:

verbosity: 1

Allow the nsd-control program to manage the server by adding:

remote-control:
  control-enable: yes
		

Setup the nsd-control program

# nsd-control-setup

Start NSD

edit /etc/rc.conf and add:

nsd_enable="YES"

start the service:

# service nsd restart

At this point the server should be running without any data!

Add a SLAVE for your TLD zone

Now let's add a slave for your TLD zone. Insert the following lines, at the end of the nsd.conf file, replacing the appropriate values for your own zone:

zone:
  name: "MYTLD"
  zonefile: "slave/MYTLD.zone"

  # Master server - replace X with the group of your master NS
  # NOKEY: no TSIG key is used, so notifies and transfers rely on the IP address alone
  allow-notify: 10.10.X.1 NOKEY
  allow-notify: 127.0.0.1 NOKEY
  request-xfr: AXFR 10.10.X.1 NOKEY

Save the file, exit

Have NSD re-read its configuration, check its status, and write the transferred zone out to its zone file:

# nsd-control reconfig
# nsd-control status
# nsd-control write MYTLD

Check the log file:

# tail /var/log/daemon.log

Check that the transfer has happened:

# ls -l slave/

should display:

-rw-r--r-- 1 root wheel 414 Feb 17 07:28 MYTLD.zone

Test that your new secondary is answering

# dig @127.0.0.1 SOA MYTLD.

Get your partner to setup their NSD server as a SLAVE for your zone

Go back to the section “Add a SLAVE for your TLD zone” and get your partner to repeat the instructions on their AUTH2 server.

If all is OK

Add “auth2.grpX.dns.nsrc.org” and “auth2.grpY.dns.nsrc.org” to the list of NS records in your zone on the AUTH1 host, and remember to update the serial!

… when you modify the zone on AUTH1, it should send notifies to the two AUTH2 servers regarding the zone change, and the AUTH2 servers should pick up the new version.

To verify that the AUTH2 servers have picked up a new copy of the zone:

# dig @auth2.grpX.dns.nsrc.org SOA MYTLD.
# dig @auth2.grpX.dns.nsrc.org NS MYTLD.

and

# dig @auth2.grpY.dns.nsrc.org SOA MYTLD
# dig @auth2.grpY.dns.nsrc.org NS MYTLD

Make sure you see all the NS records!
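
The serial check above, scripted so that both AUTH2 servers are compared against AUTH1 in one run. This is an added example, not part of the original lab; it assumes dig is installed, and the function names, the SAMPLE_SOA line and the AUTH1 hostname placeholder are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the lab): compare SOA serials on primary and secondaries.
# Constructed sample of one `dig +short SOA` answer line; names are placeholders.
SAMPLE_SOA='auth1.example. hostmaster.example. 2016020301 3600 900 604800 300'

# Print the serial (3rd field) of the first well-formed SOA line in $1.
# Field order: mname rname serial refresh retry expire minimum
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Ask one server directly (no recursion) for the zone's SOA.
query_soa() {    # $1 = server, $2 = zone
    dig +short +norecurse +time=2 +tries=1 "@$1" SOA "$2"
}

# Classify a secondary's serial against the primary's. Plain numeric
# comparison: serial wrap-around (RFC 1982) is deliberately not handled.
compare_serial() {    # $1 = primary serial, $2 = secondary serial (may be empty)
    if [ -z "$2" ]; then echo NOANSWER
    elif [ "$2" -eq "$1" ]; then echo INSYNC
    elif [ "$2" -lt "$1" ]; then echo BEHIND
    else echo AHEAD
    fi
}

# Print "<server> <state>" per secondary; return 0 only if all are INSYNC.
check_zone() {    # $1 = zone, $2 = primary, remaining args = secondaries
    zone=$1; primary=$2; shift 2
    want=$(soa_serial "$(query_soa "$primary" "$zone")")
    if [ -z "$want" ]; then
        echo "no SOA for $zone from primary $primary" >&2
        return 2
    fi
    rc=0
    for srv in "$@"; do
        state=$(compare_serial "$want" "$(soa_serial "$(query_soa "$srv" "$zone")")")
        echo "$srv $state"
        [ "$state" = INSYNC ] || rc=1
    done
    return $rc
}

# Usage on the lab network (replace the AUTH1 placeholder with your own host):
#   check_zone MYTLD. <AUTH1 host> auth2.grpX.dns.nsrc.org auth2.grpY.dns.nsrc.org
```

A BEHIND result right after a zone change usually means the notify has not been processed yet; AHEAD means the serial on AUTH1 is lower than what the secondary already holds.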

Q: What else do you need to do to make your new NS public?

2015/dns/01-dns-nsd-config.txt · Last modified: 2016/02/03 05:04 (external edit)