Track2Agenda: 01-dns-nsd-config.txt

File 01-dns-nsd-config.txt, 3.3 KB (added by Andy Linton, 6 years ago)
Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

        $ ssh sysadm@auth2.grpXX.dns.nsrc.org

   First, check that the hostname is configured correctly on your
   machine using the 'hostname' command - e.g. on
   auth2.grpXX.dns.nsrc.org, if you type:

        # hostname

   You should see:

        auth2.grpXX.dns.nsrc.org

   If not, then configure your server with its name: e.g. for
   auth2.grp25.dns.nsrc.org, type:

        # hostname auth2.grp25.dns.nsrc.org

   Remember to replace "grpXX" with the proper group number!

   Edit the file /etc/rc.conf (using "vi" or "ee", e.g.: ee /etc/rc.conf),
   and update the "hostname":

        hostname="auth2.grpXX.dns.nsrc.org"

   In the file /etc/hosts, you should see a line:

        10.10.X.2   auth2.grpXX auth2.grpXX.dns.nsrc.org

2. On AUTH2:

        # cd /usr/local/etc/nsd/

   Let's make a directory for slave zones to go into:

        # mkdir slave
        # chown nsd slave

   Let's copy the default configuration file:

        # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

   Now edit the file nsd.conf, and make the following changes:

   - find the line:

        # ip-address: 12fe::8ef0

     and just below it add:

        ip-address: 10.10.xx.2
        ip-address: 127.0.0.1

   - find the line:

        # database: "/var/db/nsd/nsd.db"

     and uncomment it (remove # in front):

        database: "/var/db/nsd/nsd.db"

   - find the line:

        # identity: "unidentified server"

     and change it to:

        identity: "nsd 4.1.1"

   - find the line:

        # zonesdir: "/usr/local/etc/nsd"

     and change it to:

        zonesdir: "/usr/local/etc/nsd"

   - find the line:

        # verbosity: 0

     and change it to:

        verbosity: 1

   Allow the nsd-control program to manage the server by adding:

        remote-control:
                control-enable: yes

   - Now let's add a slave for your TLD zone.  Insert the following lines
     at the end of the file, replacing the appropriate values for your own
     zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

   - Save the file, exit
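
NOKEY in the zone block above means NOTIFY is accepted and the AXFR is requested without a TSIG key. As an added example (not part of the original exercise), this shell function lists every NOKEY ACL in an nsd.conf read on stdin; the sample config, the zone "example-signed" and the key name "xfr-key" are constructed for the comparison.

```shell
# List every NOTIFY/transfer ACL in an nsd.conf that uses NOKEY (no TSIG).
# Reads the config on stdin; prints "<zone-or-pattern> <option> <peer>".
audit_nsd_nokey() {
    awk '
        function flush(   i) {            # print findings once the name is known
            for (i = 1; i <= n; i++) print name " " hit[i]
            n = 0
        }
        { sub(/#.*/, "") }                # strip comments
        /^[ \t]*$/ { next }               # skip blank lines
        /^[ \t]*[a-z-]+:[ \t]*$/ {        # section header such as "zone:"
            flush()
            in_sec = ($1 == "zone:" || $1 == "pattern:")
            name = "(unnamed)"
            next
        }
        !in_sec { next }
        $1 == "name:" { name = $2; gsub(/"/, "", name); next }
        $NF == "NOKEY" && ($1 == "allow-notify:" || $1 == "provide-xfr:" || $1 == "request-xfr:") {
            opt = $1; sub(/:$/, "", opt)
            hit[++n] = opt " " $(NF - 1)  # peer is the field before the key name
        }
        END { flush() }
    '
}

# Constructed sample: the zone block from this page plus a TSIG-protected zone.
# "example-signed" and "xfr-key" are made-up names for the comparison.
sample_conf() {
    cat <<'EOF'
remote-control:
        control-enable: yes
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"
        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY
zone:
        name: "example-signed"
        zonefile: "slave/example-signed.zone"
        allow-notify: 10.10.X.1 xfr-key
        request-xfr: AXFR 10.10.X.1 xfr-key
EOF
}

sample_conf | audit_nsd_nokey
```

On a real server, run it as: audit_nsd_nokey < /usr/local/etc/nsd/nsd.conf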

3. Set up the nsd-control program:

        # nsd-control-setup

4. Start NSD!

   - edit /etc/rc.conf and add:

        nsd_enable="YES"

        # service nsd restart

5. Check the status, then rebuild and reload NSD's database:

        # nsd-control status
        # nsd-control write MYTLD
        # nsd-control reload

   Check the log file:

        # tail /var/log/daemon.log

   Check that the transfer has happened:

        # ls -l slave/

        -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

6. Test that your new secondary is answering:

        # dig @127.0.0.1 MYTLD SOA

7. If all is OK, add "auth2.grpXX.dns.nsrc.org" to your list of NSes in your
   zone on the AUTH1 host - remember the serial!

   ... when you modified the zone on AUTH1, it should have
   sent a notify to AUTH2 regarding the zone change, and AUTH2 should
   have picked up the new version.

   To verify that AUTH2 has picked up a new copy of the zone:

        # dig @auth2.grpX.dns.nsrc.org SOA MYTLD
        # dig @auth2.grpX.dns.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth2.grpX !

   Q: What else do you need to do to make your new NS public ?