Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

    $ ssh sysadm@auth2.grpXX.dns.nsrc.org

   First, make sure that the hostname is configured correctly on your
   machine. Check it with the 'hostname' command - e.g. on
   auth2.grpXX.dns.nsrc.org, if you type:

    # hostname

   You should see:

    auth2.grpXX.dns.nsrc.org

   If not, then configure your server with its name: e.g. for
   auth2.grp25.dns.nsrc.org, type:

    # hostname auth2.grp25.dns.nsrc.org

   Remember to replace "grpXX" with the proper group number!

   Edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf),
   and update the "hostname":

    hostname="auth2.grpXX.dns.nsrc.org"

   In the file /etc/hosts, you should see a line:

    10.10.X.2    auth2.grpXX auth2.grpXX.dns.nsrc.org

2. On AUTH2:

    # cd /usr/local/etc/nsd/

   Let's make a directory for slave zones to go into:

    # mkdir slave
    # chown nsd slave

   Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
    # chmod 644 nsd.conf

   Now edit the file nsd.conf, and make the following changes:

   - find the line:

        # ip-address: 12fe::8ef0

     and just below it add

        ip-address: 10.10.xx.2
        ip-address: 127.0.0.1

   - find the line:

        # database: "/var/db/nsd/nsd.db"

     and uncomment it (remove # in front):

        database: "/var/db/nsd/nsd.db"

   - find the line:

        # identity: "unidentified server"

     and change it to:

        identity: "nsd 4.1.1"

   - find the line:

        # zonesdir: "/usr/local/etc/nsd"

     and change it to:

        zonesdir: "/usr/local/etc/nsd"

   - find the line:

        # verbosity: 0

     and change it to:

        verbosity: 1

   Allow the nsd-control program to manage the server by adding:

        remote-control:
            control-enable: yes

   - Now let's add a slave for your TLD zone.
     Insert the following lines at the end of the file, replacing the
     appropriate values for your own zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -

zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"

    # Master server - replace X with the group of your master NS
    allow-notify: 10.10.X.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - -

   Save the file, exit

3. Set up the nsd-control program:

    # nsd-control-setup

4. Start NSD!

   - edit /etc/rc.conf and add:

        nsd_enable="YES"

    # service nsd restart

5. Check the status, then rebuild and reload NSD's database:

    # nsd-control status
    # nsd-control write MYTLD
    # nsd-control reload

   Check the log file:

    # tail /var/log/daemon.log

   Check that the transfer has happened:

    # ls -l slave/
    -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

6. Test that your new secondary is answering:

    # dig @127.0.0.1 MYTLD SOA

7. If all is OK, add "auth2.grpXX.dns.nsrc.org" to your list of NSes
   in your zone on the AUTH1 host - remember the serial!

   ...

   When you modified the zone on AUTH1, it should have sent a notify to
   AUTH2 regarding the zone change, and AUTH2 should have picked up the
   new version.

   To verify that AUTH2 has picked up a new copy of the zone:

    # dig @auth2.grpX.dns.nsrc.org SOA MYTLD
    # dig @auth2.grpX.dns.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth2.grpX !

   Q: What else do you need to do to make your new NS public?
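
An added example, not part of the original lab: the zone stanza in step 2 accepts NOTIFY and requests transfers with NOKEY, meaning no TSIG key authenticates the peer, which is worth catching before a lab config is reused elsewhere. The function name audit_nsd_acl, the group-25 addresses, the second zone and the key name "xfr-key" are all constructed for illustration.

```shell
#!/bin/sh
# Added example: list nsd.conf ACL lines that use NOKEY (no TSIG key).
# Prints one "zone directive peer" line per finding; exit status 1 if any.
# On the lab machine: audit_nsd_acl /usr/local/etc/nsd/nsd.conf
audit_nsd_acl() {
    awk '
        { sub(/#.*/, "") }                                   # drop comments
        $1 == "zone:" || $1 == "pattern:" { zone = "(unnamed)"; next }
        $1 ~ /^(key|server|remote-control):$/ { zone = ""; next }
        $1 == "name:" && zone != "" {                        # name of current zone
            gsub(/"/, "", $2); zone = $2; next
        }
        # ACL directives end in a key name, NOKEY or BLOCKED
        $1 ~ /^(allow-notify|request-xfr|provide-xfr):$/ && $NF == "NOKEY" {
            sub(/:$/, "", $1)
            print zone, $1, $(NF - 1)
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the lab's zone stanza for group 25, plus a second
# zone whose ACLs name a TSIG key instead of NOKEY.
sample_conf() {
    cat <<'EOF'
key:
    name: "xfr-key"
    algorithm: hmac-sha256
    secret: "c2FtcGxlLW9ubHk="
zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"
    # Master server
    allow-notify: 10.10.25.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.10.25.1 NOKEY
zone:
    name: "signed.example"
    allow-notify: 10.10.25.1 xfr-key
    request-xfr: AXFR 10.10.25.1 xfr-key
EOF
}

sample_conf | audit_nsd_acl || echo "NOKEY entries found: define a key: clause and name it in these ACLs"
```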