| 1 | Configuring NSD as SLAVE server |
|---|
| 2 | =============================== |
|---|
| 3 | |
|---|
| 4 | |
|---|
| 5 | Log in using SSH/Putty/... to your AUTH2 machine: |
|---|
| 6 | ------------------------------------------------- |
|---|
| 7 | |
|---|
| 8 | $ ssh sysadm@auth2.grpXX.dns.nsrc.org |
|---|
| 9 | |
|---|
| 10 | Firstly, note that your hostname is configured correctly |
|---|
| 11 | on your machine. Check that it is configured correctly by |
|---|
| 12 | using the 'hostname' command |
|---|
| 13 | |
|---|
| 14 | e.g. on auth2.grpXX.dns.nsrc.org, if you type: |
|---|
| 15 | |
|---|
| 16 | # hostname |
|---|
| 17 | |
|---|
| 18 | You should see: |
|---|
| 19 | |
|---|
| 20 | auth2.grpXX.dns.nsrc.org |
|---|
| 21 | |
|---|
| 22 | If not, then configure your server with its name: |
|---|
| 23 | |
|---|
| 24 | e.g. for auth2.grp25.dns.nsrc.org, type: |
|---|
| 25 | |
|---|
| 26 | # hostname auth2.grp25.dns.nsrc.org |
|---|
| 27 | |
|---|
| 28 | Remember to replace "grpXX" with the the proper group number! |
|---|
| 29 | |
|---|
| 30 | Edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf), |
|---|
| 31 | and update the "hostname": |
|---|
| 32 | |
|---|
| 33 | hostname="auth2.grpXX.dns.nsrc.org" |
|---|
| 34 | |
|---|
| 35 | In the file /etc/hosts, you should see a line: |
|---|
| 36 | |
|---|
| 37 | 10.10.X.2 auth2.grpXX auth2.grpXX.dns.nsrc.org |
|---|
| 38 | |
|---|
| 39 | |
|---|
| 40 | Configure the nsd server config |
|---|
| 41 | ------------------------------- |
|---|
| 42 | |
|---|
| 43 | # cd /usr/local/etc/nsd/ |
|---|
| 44 | |
|---|
| 45 | Let's make a directory for slave zones to go into: |
|---|
| 46 | |
|---|
| 47 | # mkdir slave |
|---|
| 48 | # chown nsd slave |
|---|
| 49 | |
|---|
| 50 | Let's copy the default configuration file: |
|---|
| 51 | |
|---|
| 52 | # cp nsd.conf.sample nsd.conf |
|---|
| 53 | # chmod 644 nsd.conf |
|---|
| 54 | |
|---|
| 55 | Now edit the file nsd.conf, and make the following changes: |
|---|
| 56 | |
|---|
| 57 | find the line: |
|---|
| 58 | |
|---|
| 59 | # ip-address: 12fe::8ef0 |
|---|
| 60 | |
|---|
| 61 | and just below it add |
|---|
| 62 | |
|---|
| 63 | ip-address: 10.10.xx.2 |
|---|
| 64 | ip-address: fd90:10:10::XX:2 |
|---|
| 65 | ip-address: 127 .0.0.1 |
|---|
| 66 | ip-address: ::1 |
|---|
| 67 | |
|---|
| 68 | find the line: |
|---|
| 69 | |
|---|
| 70 | # database: "/var/db/nsd/nsd.db" |
|---|
| 71 | |
|---|
| 72 | and uncomment it (remove # in front): |
|---|
| 73 | |
|---|
| 74 | database: "/var/db/nsd/nsd.db" |
|---|
| 75 | |
|---|
| 76 | find the line: |
|---|
| 77 | |
|---|
| 78 | # identity: "unidentified server" |
|---|
| 79 | |
|---|
| 80 | and change it to: |
|---|
| 81 | |
|---|
| 82 | identity: "nsd 4.1.1" |
|---|
| 83 | |
|---|
| 84 | find the line: |
|---|
| 85 | |
|---|
| 86 | # zonesdir: "/usr/local/etc/nsd" |
|---|
| 87 | |
|---|
| 88 | and change it to: |
|---|
| 89 | |
|---|
| 90 | zonesdir: "/usr/local/etc/nsd" |
|---|
| 91 | |
|---|
| 92 | find the line: |
|---|
| 93 | |
|---|
| 94 | # verbosity: 0 |
|---|
| 95 | |
|---|
| 96 | and change it to: |
|---|
| 97 | |
|---|
| 98 | verbosity: 1 |
|---|
| 99 | |
|---|
| 100 | Allow the nsd-control program to manage the server by adding: |
|---|
| 101 | |
|---|
| 102 | remote-control: |
|---|
| 103 | control-enable: yes |
|---|
| 104 | |
|---|
| 105 | |
|---|
| 106 | Setup the nsd-control program |
|---|
| 107 | ----------------------------- |
|---|
| 108 | |
|---|
| 109 | # nsd-control-setup |
|---|
| 110 | |
|---|
| 111 | Start NSD! |
|---|
| 112 | ---------- |
|---|
| 113 | |
|---|
| 114 | edit /etc/rc.conf and add: |
|---|
| 115 | |
|---|
| 116 | nsd_enable="YES" |
|---|
| 117 | |
|---|
| 118 | start the service: |
|---|
| 119 | |
|---|
| 120 | # service nsd restart |
|---|
| 121 | |
|---|
| 122 | At this point the server should be running without any data! |
|---|
| 123 | |
|---|
| 124 | Add a SLAVE for your TLD zone |
|---|
| 125 | ----------------------------- |
|---|
| 126 | |
|---|
| 127 | Now let's add a slave for your TLD zone. Insert the following lines, |
|---|
| 128 | at the end of the nsd.conf file, replacing the appropriate values for your own |
|---|
| 129 | zone: |
|---|
| 130 | |
|---|
| 131 | zone: |
|---|
| 132 | name: "MYTLD" |
|---|
| 133 | zonefile: "slave/MYTLD.zone" |
|---|
| 134 | |
|---|
| 135 | # Master server - replace X with the group of your master NS |
|---|
| 136 | allow-notify: 10.10.X.1 NOKEY |
|---|
| 137 | allow-notify: 127.0.0.1 NOKEY |
|---|
| 138 | request-xfr: AXFR 10.10.X.1 NOKEY |
|---|
| 139 | |
|---|
| 140 | Save the file, exit |
|---|
| 141 | |
|---|
| 142 | |
|---|
| 143 | Reconfigure NSD's base, check status and that the zone transferred: |
|---|
| 144 | |
|---|
| 145 | # nsd-control reconfig |
|---|
| 146 | # nsd-control status |
|---|
| 147 | # nsd-control write MYTLD |
|---|
| 148 | |
|---|
| 149 | Check the log file: |
|---|
| 150 | |
|---|
| 151 | # tail /var/log/daemon.log |
|---|
| 152 | |
|---|
| 153 | Check that the transfer has happened: |
|---|
| 154 | |
|---|
| 155 | # ls -l slave/ |
|---|
| 156 | |
|---|
| 157 | should display: |
|---|
| 158 | |
|---|
| 159 | -rw-r--r-- 1 root wheel 414 Feb 17 07:28 MYTLD.zone |
|---|
| 160 | |
|---|
| 161 | Test that your new secondary is answering |
|---|
| 162 | ----------------------------------------- |
|---|
| 163 | |
|---|
| 164 | # dig @127.0.0.1 SOA MYTLD. |
|---|
| 165 | |
|---|
| 166 | Get your partner to setup their NSD server as a SLAVE for your zone |
|---|
| 167 | ------------------------------------------------------------------- |
|---|
| 168 | |
|---|
| 169 | Go back to the section "Add a SLAVE for your TLD zone" and get your partner |
|---|
| 170 | to repeat the instructions on their AUTH2 server. |
|---|
| 171 | |
|---|
| 172 | |
|---|
| 173 | If all is OK |
|---|
| 174 | ------------ |
|---|
| 175 | |
|---|
| 176 | add "auth2.grpX.dns.nsrc.org" and "auth2.grpY.dns.nsrc.org" to your list of NSes in your |
|---|
| 177 | zone on the AUTH1 host - remember the serial! |
|---|
| 178 | |
|---|
| 179 | ... when you modify the zone on AUTH1, it should send a notifies to the two AUTH2 servers |
|---|
| 180 | regarding the zone change, and the AUTH2 servers should pick up the new version. |
|---|
| 181 | |
|---|
| 182 | To verify that the AUTH2 servers have picked up a new copy of the zone: |
|---|
| 183 | |
|---|
| 184 | # dig @auth2.grpX.dns.nsrc.org SOA MYTLD. |
|---|
| 185 | # dig @auth2.grpX.dns.nsrc.org NS MYTLD. |
|---|
| 186 | |
|---|
| 187 | and |
|---|
| 188 | |
|---|
| 189 | # dig @auth2.grpY.dns.nsrc.org SOA MYTLD |
|---|
| 190 | # dig @auth2.grpY.dns.nsrc.org NS MYTLD |
|---|
| 191 | |
|---|
| 192 | Make sure you see all the NS records! |
|---|
| 193 | |
|---|
| 194 | Q: What else do you need to do to make your new NS public ? |
|---|
| 195 | |
|---|