Track2Agenda: 01-dns-nsd-config.txt

Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

    $ ssh sysadm@auth2.grpXX.dns.nsrc.org
        
        Firstly, note that your hostname is configured correctly
        on your machine.  Check that it is configured correctly by
        using the 'hostname' command - e.g. on auth210.10.grpXX.dns.nsrc.org, if you type:

         # hostname

        You should see:

          auth2.grpXX.dns.nsrc.org

        If not, then configure your server with its name: e.g. for
        auth2.grp25.dns.nsrc.org, type:

         # hostname auth2.grp25.dns.nsrc.org

        Remember to replace "grpXX" with the the proper group number!

        Edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf),
        and update the "hostname":

          hostname="auth2.grpXX.dns.nsrc.org"

        In the file /etc/hosts, you should see a line:

          10.10.X.2   auth2.grpXX auth2.grpXX.dns.nsrc.org

2. On AUTH2:

    # cd /usr/local/etc/nsd/

        Let's make a directory for slave zones to go into:

        # mkdir slave
        # chown nsd slave

        Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

    Now edit the file nsd.conf, and make the following changes:

        - find the line:

                # ip-address: 12fe::8ef0

        and just below it add

                ip-address: 10.10.xx.2
                ip-address: 127.0.0.1

        - find the line:

                # database: "/var/db/nsd/nsd.db"

        and uncomment it (remove # in front):

                database: "/var/db/nsd/nsd.db"

        - find the line:
        
                # identity: "unidentified server"
        
        and change it to:

                identity: "nsd 4.1.1"

        - find the line:
        
                # zonesdir: "/usr/local/etc/nsd"

        and change it to:

                zonesdir: "/usr/local/etc/nsd"

        - find the line:

                # verbosity: 0
        
        and change it to:

                verbosity: 1
                
        Allow the nsd-control program to manage the server by adding:
        
        remote-control:
                control-enable: yes

        - Now let's add a slave for your TLD zone.  Insert the following lines,
        at the end of the file, replacing the appropriate values for your own
        zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - 
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - 


        - Save the file, exit

3. Setup the nsd-control program:

        # nsd-control-setup

4. Start NSD!

        - edit /etc/rc.conf and add:

    nsd_enable="YES"

    # service nsd restart 

        
5. Check the status and rebuild and reload NSD's base

        # nsd-control status
    # nsd-control write MYTLD
        # nsd-control reload

   Check the log file:
   
        # tail /var/log/daemon.log

   Check that the transfer has happened:
        
        # ls -l slave/

-rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

        # dig @127.0.0.1 MYTLD SOA


6. If all is OK, add "auth2.grpXX.dns.nsrc.org" to your list of NSes in your
   zone on the AUTH1 host - remember the serial!


   ... when you modified the zone on AUTH1, it should have
   sent a notify to AUTH2 regarding the zone change, and AUTH2 should
   have picked up the new version.

   To verify that AUTH2 has picked up a new copy of the zone:

   # dig @auth2.grpX.dns.nsrc.org SOA MYTLD
   # dig @auth2.grpX.dns.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth2.grpX !

   Q: What else do you need to do to make your new NS public ?