Agenda: dns-nsd-config.2.txt

File dns-nsd-config.2.txt, 2.8 KB (added by admin, 7 years ago)
Configuring NSD

1. Log in using SSH/PuTTY/... to your AUTH machine:

        $ ssh -l adm auth.grpXX.ws.nsrc.org

2. On AUTH:

        # cd /usr/local/etc/nsd/

    Let's make a directory for slave zones to go into:

        # mkdir slave
        # chown bind slave

    Let's copy the default configuration file:

        # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

    Now edit the file nsd.conf, and make the following changes:

    - find the line:

            # database: "/var/db/nsd/nsd.db"

      and uncomment it (remove # in front):

            database: "/var/db/nsd/nsd.db"

    - find the line:

            # identity: "unidentified server"

      and change it to:

            identity: "nsd 3.2.8"

    - find the line:

            # zonesdir: "/usr/local/etc/nsd"

      and change it to:

            zonesdir: "/usr/local/etc/nsd"

    - find the line:

            # verbosity: 0

      and change it to:

            verbosity: 1

    - Now let's add a slave for your TLD zone.  Insert the following lines
      at the end of the file, substituting the appropriate values for your
      own zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        # NOKEY means no TSIG key: notifies and transfers are accepted
        # on source address alone
        allow-notify: 10.10.X.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

    - Save the file and exit

3. Start NSD!

    - edit /etc/rc.conf and add:

            nsd_enable="YES"

    - then start the daemon:

            # /usr/local/etc/rc.d/nsd start

4. Rebuild and reload NSD's database

        # nsdc patch
        # nsdc rebuild
        # nsdc update

    You will see something similar in the output:

...
warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
...

        # nsdc reload

        # tail /var/log/daemon.log

    You should see something similar:

...
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.X.1 with serial 2011027618 to disk
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.10.X.1 in 1 parts"
...

    Make NSD write the file to disk:

        # nsdc patch

    You should see something like:

writing zone MYTLD to file slave/MYTLD.zone

    Verify that the file is there:

        # ls -l slave/

-rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

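A way to check the daemon.log output from step 4 mechanically, as an added example that is not part of the original lab: it parses the xfrd "committed" lines and confirms that each transfer for your zone came from the master address you configured. The function names, the master address 10.10.1.1 (X=1) and the sample log lines are constructed for illustration; the log format is assumed to match the sample shown in step 4.

```python
import re

# Format of the "committed" line xfrd logs after a transfer (see step 4's sample).
COMMITTED = re.compile(
    r'xfrd: zone (?P<zone>\S+) committed "xfrd: zone \S+ received update '
    r'to serial (?P<serial>\d+) at time \d+ from (?P<src>\S+) in \d+ parts"'
)

def serial_gt(a, b):
    """True if SOA serial a is newer than b (RFC 1982 wrap-around compare)."""
    return 0 < (a - b) % 2**32 < 2**31

def audit_transfers(lines, zone, master):
    """Return (latest_serial, problems) for `zone` from daemon.log lines.

    With NOKEY the master is identified by source address only, so every
    committed transfer is checked against the address you meant to slave from.
    """
    latest, problems = None, []
    for line in lines:
        m = COMMITTED.search(line)
        if not m or m.group("zone") != zone:
            continue
        serial, src = int(m.group("serial")), m.group("src")
        if src != master:
            problems.append(f"serial {serial} came from {src}, expected {master}")
        if latest is not None and serial_gt(latest, serial):
            problems.append(f"serial went backwards: {latest} -> {serial}")
        latest = serial
    return latest, problems

# Constructed sample: lines 1-2 follow the page's output with X=1; the rest are
# invented (another zone, and a transfer from a different group's master).
SAMPLE = [
    'Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR '
    'from 10.10.1.1 with serial 2011027618 to disk',
    'Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD '
    'received update to serial 2011027618 at time 1297898760 from 10.10.1.1 in 1 parts"',
    'Feb 17 07:31:40 auth nsd[12332]: xfrd: zone OTHER committed "xfrd: zone OTHER '
    'received update to serial 7 at time 1297899100 from 10.10.4.1 in 1 parts"',
    'Feb 17 08:02:11 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD '
    'received update to serial 2011027619 at time 1297900931 from 10.10.2.1 in 1 parts"',
]

if __name__ == "__main__":
    latest, problems = audit_transfers(SAMPLE, "MYTLD", "10.10.1.1")
    print("latest serial:", latest)
    for p in problems:
        print("CHECK:", p)
```

On the AUTH host, pass the lines of /var/log/daemon.log instead of SAMPLE; a transfer from an unexpected address usually means the wrong group number was typed in nsd.conf.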
5. Test that your new secondary is answering:

        # dig @127.0.0.1 MYTLD SOA

6. If all is OK, add "auth.grpX.ws.nsrc.org" to your list of NSes in your
   zone on the MASTER host - remember to update the serial!

    ... when you modified the zone on MASTER, it should have
    sent a notify to AUTH regarding the zone change, and AUTH should
    have picked up the new version.

    To verify that AUTH has picked up a new copy of the zone:

        # dig @auth.grpX.ws.nsrc.org SOA MYTLD
        # dig @auth.grpX.ws.nsrc.org NS MYTLD

    Make sure you see all NSes, including auth.grpX!

    Q: What else do you need to do to make your new NS public?