1 | Configuring NSD as SLAVE server |
---|
2 | =============================== |
---|
3 | |
---|
4 | |
---|
5 | Log in using SSH/Putty/... to your AUTH2 machine: |
---|
6 | ------------------------------------------------- |
---|
7 | |
---|
8 | $ ssh sysadm@auth2.grpXX.dns.nsrc.org |
---|
9 | |
---|
10 | Firstly, note that your hostname is configured correctly |
---|
11 | on your machine. Check that it is configured correctly by |
---|
12 | using the 'hostname' command |
---|
13 | |
---|
14 | e.g. on auth2.grpXX.dns.nsrc.org, if you type: |
---|
15 | |
---|
16 | # hostname |
---|
17 | |
---|
18 | You should see: |
---|
19 | |
---|
20 | auth2.grpXX.dns.nsrc.org |
---|
21 | |
---|
22 | If not, then configure your server with its name: |
---|
23 | |
---|
24 | e.g. for auth2.grp25.dns.nsrc.org, type: |
---|
25 | |
---|
26 | # hostname auth2.grp25.dns.nsrc.org |
---|
27 | |
---|
28 | Remember to replace "grpXX" with the the proper group number! |
---|
29 | |
---|
30 | Edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf), |
---|
31 | and update the "hostname": |
---|
32 | |
---|
33 | hostname="auth2.grpXX.dns.nsrc.org" |
---|
34 | |
---|
35 | In the file /etc/hosts, you should see a line: |
---|
36 | |
---|
37 | 10.10.X.2 auth2.grpXX auth2.grpXX.dns.nsrc.org |
---|
38 | |
---|
39 | |
---|
40 | Configure the nsd server config |
---|
41 | ------------------------------- |
---|
42 | |
---|
43 | # cd /usr/local/etc/nsd/ |
---|
44 | |
---|
45 | Let's make a directory for slave zones to go into: |
---|
46 | |
---|
47 | # mkdir slave |
---|
48 | # chown nsd slave |
---|
49 | |
---|
50 | Let's copy the default configuration file: |
---|
51 | |
---|
52 | # cp nsd.conf.sample nsd.conf |
---|
53 | # chmod 644 nsd.conf |
---|
54 | |
---|
55 | Now edit the file nsd.conf, and make the following changes: |
---|
56 | |
---|
57 | find the line: |
---|
58 | |
---|
59 | # ip-address: 12fe::8ef0 |
---|
60 | |
---|
61 | and just below it add |
---|
62 | |
---|
63 | ip-address: 10.10.xx.2 |
---|
64 | ip-address: fd90:10:10::XX:2 |
---|
65 | ip-address: 127 .0.0.1 |
---|
66 | ip-address: ::1 |
---|
67 | |
---|
68 | find the line: |
---|
69 | |
---|
70 | # database: "/var/db/nsd/nsd.db" |
---|
71 | |
---|
72 | and uncomment it (remove # in front): |
---|
73 | |
---|
74 | database: "/var/db/nsd/nsd.db" |
---|
75 | |
---|
76 | find the line: |
---|
77 | |
---|
78 | # identity: "unidentified server" |
---|
79 | |
---|
80 | and change it to: |
---|
81 | |
---|
82 | identity: "nsd 4.1.1" |
---|
83 | |
---|
84 | find the line: |
---|
85 | |
---|
86 | # zonesdir: "/usr/local/etc/nsd" |
---|
87 | |
---|
88 | and change it to: |
---|
89 | |
---|
90 | zonesdir: "/usr/local/etc/nsd" |
---|
91 | |
---|
92 | find the line: |
---|
93 | |
---|
94 | # verbosity: 0 |
---|
95 | |
---|
96 | and change it to: |
---|
97 | |
---|
98 | verbosity: 1 |
---|
99 | |
---|
100 | Allow the nsd-control program to manage the server by adding: |
---|
101 | |
---|
102 | remote-control: |
---|
103 | control-enable: yes |
---|
104 | |
---|
105 | |
---|
106 | Setup the nsd-control program |
---|
107 | ----------------------------- |
---|
108 | |
---|
109 | # nsd-control-setup |
---|
110 | |
---|
111 | Start NSD! |
---|
112 | ---------- |
---|
113 | |
---|
114 | edit /etc/rc.conf and add: |
---|
115 | |
---|
116 | nsd_enable="YES" |
---|
117 | |
---|
118 | start the service: |
---|
119 | |
---|
120 | # service nsd restart |
---|
121 | |
---|
122 | At this point the server should be running without any data! |
---|
123 | |
---|
124 | Add a SLAVE for your TLD zone |
---|
125 | ----------------------------- |
---|
126 | |
---|
127 | Now let's add a slave for your TLD zone. Insert the following lines, |
---|
128 | at the end of the nsd.conf file, replacing the appropriate values for your own |
---|
129 | zone: |
---|
130 | |
---|
131 | zone: |
---|
132 | name: "MYTLD" |
---|
133 | zonefile: "slave/MYTLD.zone" |
---|
134 | |
---|
135 | # Master server - replace X with the group of your master NS |
---|
136 | allow-notify: 10.10.X.1 NOKEY |
---|
137 | allow-notify: 127.0.0.1 NOKEY |
---|
138 | request-xfr: AXFR 10.10.X.1 NOKEY |
---|
139 | |
---|
140 | Save the file, exit |
---|
141 | |
---|
142 | |
---|
143 | Reconfigure NSD's base, check status and that the zone transferred: |
---|
144 | |
---|
145 | # nsd-control reconfig |
---|
146 | # nsd-control status |
---|
147 | # nsd-control write MYTLD |
---|
148 | |
---|
149 | Check the log file: |
---|
150 | |
---|
151 | # tail /var/log/daemon.log |
---|
152 | |
---|
153 | Check that the transfer has happened: |
---|
154 | |
---|
155 | # ls -l slave/ |
---|
156 | |
---|
157 | should display: |
---|
158 | |
---|
159 | -rw-r--r-- 1 root wheel 414 Feb 17 07:28 MYTLD.zone |
---|
160 | |
---|
161 | Test that your new secondary is answering |
---|
162 | ----------------------------------------- |
---|
163 | |
---|
164 | # dig @127.0.0.1 SOA MYTLD. |
---|
165 | |
---|
166 | Get your partner to setup their NSD server as a SLAVE for your zone |
---|
167 | ------------------------------------------------------------------- |
---|
168 | |
---|
169 | Go back to the section "Add a SLAVE for your TLD zone" and get your partner |
---|
170 | to repeat the instructions on their AUTH2 server. |
---|
171 | |
---|
172 | |
---|
173 | If all is OK |
---|
174 | ------------ |
---|
175 | |
---|
176 | add "auth2.grpX.dns.nsrc.org" and "auth2.grpY.dns.nsrc.org" to your list of NSes in your |
---|
177 | zone on the AUTH1 host - remember the serial! |
---|
178 | |
---|
179 | ... when you modify the zone on AUTH1, it should send a notifies to the two AUTH2 servers |
---|
180 | regarding the zone change, and the AUTH2 servers should pick up the new version. |
---|
181 | |
---|
182 | To verify that the AUTH2 servers have picked up a new copy of the zone: |
---|
183 | |
---|
184 | # dig @auth2.grpX.dns.nsrc.org SOA MYTLD. |
---|
185 | # dig @auth2.grpX.dns.nsrc.org NS MYTLD. |
---|
186 | |
---|
187 | and |
---|
188 | |
---|
189 | # dig @auth2.grpY.dns.nsrc.org SOA MYTLD |
---|
190 | # dig @auth2.grpY.dns.nsrc.org NS MYTLD |
---|
191 | |
---|
192 | Make sure you see all the NS records! |
---|
193 | |
---|
194 | Q: What else do you need to do to make your new NS public ? |
---|
195 | |
---|