Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

    $ ssh sysadm@auth2.grpXX.dns.nsrc.org

2. On AUTH2:

    # cd /usr/local/etc/nsd/

Let's make a directory for slave zones to go into:

    # mkdir slave
    # chown bind slave

Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
    # chmod 644 nsd.conf

Now edit the file nsd.conf, and make the following changes:

- find the line:

    # ip-address: 12fe::8ef0

  and just below it add

    ip-address: 10.20.xx.2
    ip-address: 127.0.0.1

- find the line:

    # database: "/var/db/nsd/nsd.db"

  and uncomment it (remove # in front):

    database: "/var/db/nsd/nsd.db"

- find the line:

    # identity: "unidentified server"

  and change it to:

    identity: "nsd 3.2.14"

- find the line:

    # zonesdir: "/usr/local/etc/nsd"

  and change it to:

    zonesdir: "/usr/local/etc/nsd"

- find the line:

    # verbosity: 0

  and change it to:

    verbosity: 1

- Now let's add a slave for your TLD zone. Insert the following lines
  at the end of the file, substituting the appropriate values for your own
  zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"

    # Master server - replace X with the group of your master NS
    allow-notify: 10.20.X.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.20.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -


- Save the file, exit

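The zone block above uses NOKEY on every allow-notify and request-xfr line, so NSD accepts the master by source address only, with no TSIG signature on the NOTIFY or the transfer. The script below is an added example, not part of the original lab: it lists such lines in an nsd.conf. The sample configuration, the key name xfr-key, the zone SIGNED.EXAMPLE and the hmac-sha256 algorithm (assumed to be supported by your NSD build) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original lab.
# audit_nokey: read nsd.conf text on stdin and print one line,
# "<zone> <directive> <peer>", for every transfer ACL that uses NOKEY.
audit_nokey() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "server:" || $1 == "key:" { section = "other"; next }
        $1 == "zone:" { section = "zone"; zone = "(unnamed)"; next }
        section == "zone" && $1 == "name:" { gsub(/"/, "", $2); zone = $2; next }
        section == "zone" && NF >= 3 && $NF == "NOKEY" &&
        $1 ~ /^(allow-notify|request-xfr|provide-xfr|notify):$/ {
            directive = $1; sub(/:$/, "", directive)
            print zone, directive, $(NF - 1)        # the peer precedes the key field
        }
    '
}

# Constructed sample: the lab's zone block plus a hypothetical TSIG-protected zone.
sample_conf() {
    cat <<'EOF'
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "cGxhY2Vob2xkZXI="   # placeholder, not a real secret
zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"
    # Master server - replace X with the group of your master NS
    allow-notify: 10.20.X.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.20.X.1 NOKEY
zone:
    name: "SIGNED.EXAMPLE"
    zonefile: "slave/SIGNED.EXAMPLE.zone"
    allow-notify: 10.20.X.1 xfr-key
    request-xfr: AXFR 10.20.X.1 xfr-key
EOF
}

sample_conf | audit_nokey
# Against the real file: audit_nokey < /usr/local/etc/nsd/nsd.conf
```

Only the three MYTLD lines are reported; the zone whose ACLs name a key is not.
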
3. Start NSD!

- edit /etc/rc.conf and add:

    nsd_enable="YES"

    # service nsd start

4. Rebuild and reload NSD's database

    # nsdc patch
    # nsdc rebuild
    # nsdc update

You will see something similar to this in the output:

    ...
    warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
    ...

    # nsdc reload

    # tail /var/log/daemon.log

You should see something similar to this:

    ...
    Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.20.X.1 with serial 2011027618 to disk
    Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.20.X.1 in 1 parts"
    ...

Make NSD write the file to disk:

    # nsdc patch

You should see something like:

    writing zone MYTLD to file slave/MYTLD.zone

Verify that this is the case:

    # ls -l slave/

    -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

    # dig @127.0.0.1 MYTLD SOA


6. If all is OK, add "auth2.grpX.dns.nsrc.org" to your list of NSes in your
   zone on the AUTH1 host - remember the serial!


... when you modified the zone on AUTH1, it should have
sent a notify to AUTH2 regarding the zone change, and AUTH2 should
have picked up the new version.

To verify that AUTH2 has picked up a new copy of the zone:

    # dig @auth2.grpX.dns.nsrc.org SOA MYTLD
    # dig @auth2.grpX.dns.nsrc.org NS MYTLD

Make sure you see all NSes, including auth2.grpX!

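One way to check that AUTH2 really holds the same version as AUTH1 is to compare the SOA serial each server returns. The script below is an added example, not part of the original lab; the sample answers are constructed (only the serial comes from the log shown earlier), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original lab.
# soa_serial: print the serial (3rd field) from one line of
# `dig +short <zone> SOA` output; fails on an empty or non-SOA line.
soa_serial() {
    printf '%s\n' "$1" |
        awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; found = 1; exit }
             END { exit !found }'
}

# sync_state: compare the primary ($1) and secondary ($2) SOA answers with
# RFC 1982 serial arithmetic, so a serial that wrapped past 2^32 still orders
# correctly. A difference of exactly 2^31 is undefined and reported as "ahead".
sync_state() {
    p=$(soa_serial "$1") || { echo "primary-no-answer"; return 0; }
    s=$(soa_serial "$2") || { echo "secondary-no-answer"; return 0; }
    d=$(( ($p - $s) & 4294967295 ))
    if [ "$d" -eq 0 ]; then echo "in-sync"
    elif [ "$d" -lt 2147483648 ]; then echo "secondary-behind"
    else echo "secondary-ahead"
    fi
}

# Constructed sample answers (names and timers are made up).
OLD='auth1.example. hostmaster.example. 2011027618 10800 3600 604800 86400'
NEW='auth1.example. hostmaster.example. 2011027619 10800 3600 604800 86400'

sync_state "$NEW" "$OLD"    # secondary has not transferred the new zone yet
sync_state "$NEW" "$NEW"    # after the NOTIFY and the transfer
sync_state "$NEW" ""        # secondary gave no SOA answer

# Live use against the lab hosts:
#   sync_state "$(dig +short @10.20.X.1 MYTLD SOA)" \
#              "$(dig +short @auth2.grpX.dns.nsrc.org MYTLD SOA)"
```
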
Q: What else do you need to do to make your new NS public?