Agenda: 01-dns-nsd-config.md

File 01-dns-nsd-config.md, 3.9 KB (added by Andy Linton, 6 years ago)
Configuring NSD as a SLAVE server
=================================


Log in using SSH/Putty/... to your AUTH2 machine:
-------------------------------------------------

        $ ssh sysadm@auth2.grpXX.dns.nsrc.org

First, make sure the hostname of your machine is configured correctly.
Check it with the 'hostname' command:

e.g. on auth2.grpXX.dns.nsrc.org, if you type:

        # hostname

You should see:

        auth2.grpXX.dns.nsrc.org

If not, then configure your server with its name:

e.g. for auth2.grp25.dns.nsrc.org, type:

        # hostname auth2.grp25.dns.nsrc.org

Remember to replace "grpXX" with the proper group number!

The 'hostname' command only changes the running system. To make the name
survive a reboot, edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf)
and update the "hostname" line:

        hostname="auth2.grpXX.dns.nsrc.org"

In the file /etc/hosts, you should see a line:

        10.10.XX.2   auth2.grpXX auth2.grpXX.dns.nsrc.org


Configure the nsd server config
-------------------------------

        # cd /usr/local/etc/nsd/

Let's make a directory for slave zones to go into. It is owned by the user
NSD runs as, so that the daemon can write the transferred zone files there:

        # mkdir slave
        # chown nsd slave

Let's copy the default configuration file:

        # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

Now edit the file nsd.conf, and make the following changes:

find the line:

        # ip-address: 12fe::8ef0

and just below it add (replace XX with your group number):

        ip-address: 10.10.XX.2
        ip-address: fd90:10:10::XX:2
        ip-address: 127.0.0.1
        ip-address: ::1

find the line:

        # database: "/var/db/nsd/nsd.db"

and uncomment it (remove # in front):

        database: "/var/db/nsd/nsd.db"

find the line:

        # identity: "unidentified server"

and change it to:

        identity: "nsd 4.1.1"

(The identity string is what NSD returns to a CHAOS-class id.server query.
Advertising a version there is fine in the lab; on a production server you
would normally put the host's name here and also set hide-version: yes, so
that version.server queries reveal nothing about the software.)

find the line:

        # zonesdir: "/usr/local/etc/nsd"

and change it to:

        zonesdir: "/usr/local/etc/nsd"

find the line:

        # verbosity: 0

and change it to:

        verbosity: 1

Allow the nsd-control program to manage the server by adding:

        remote-control:
                control-enable: yes

(By default the control channel listens on the loopback interface only and
is protected by the TLS keys that nsd-control-setup generates in the next
step, so enabling it does not expose anything to the network.)

Setup the nsd-control program
-----------------------------

        # nsd-control-setup

This generates the server and client key pairs and certificates that
nsd-control uses to authenticate to the daemon.

Start NSD!
----------

edit /etc/rc.conf and add:

        nsd_enable="YES"

start the service (the nsd-checkconf utility will report syntax errors in
nsd.conf before you start the daemon, if you want to check first):

        # service nsd restart

At this point the server should be running without any data!

Add a SLAVE for your TLD zone
-----------------------------

Now let's add a slave for your TLD zone.  Insert the following lines
at the end of the nsd.conf file, replacing the appropriate values for your own
zone:

        zone:
                name: "MYTLD"
                zonefile: "slave/MYTLD.zone"

                # Master server - replace X with the group of your master NS
                allow-notify: 10.10.X.1 NOKEY
                allow-notify: 127.0.0.1 NOKEY
                request-xfr: AXFR 10.10.X.1 NOKEY

allow-notify lists the addresses that may send NOTIFY messages for this
zone, and request-xfr tells NSD where to pull the zone from (here with a
full AXFR). NOKEY means that neither the NOTIFY nor the zone transfer is
authenticated with TSIG: the only check on the transfer is the master's IP
address, so a host that can intercept or redirect traffic to 10.10.X.1 could
feed this server a forged zone. That is acceptable for the lab, but on a real
secondary you would define a key: section and put its name in place of NOKEY.

Save the file, exit

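Putting the whole file together, as an added example (this helper is not part of the NSRC lab materials): a small POSIX sh script that renders the nsd.conf built up above for one AUTH2 host, with the group numbers filled in, and optionally with a TSIG key so that the NOTIFY and the AXFR are authenticated instead of NOKEY. The key name grpXX-xfr, the hmac-sha256 algorithm, the usage line and the group numbers are assumptions; the secret must be the same one configured in a key: section on the master.

```shell
#!/bin/sh
# Hypothetical helper, not part of the NSRC lab: renders the nsd.conf this
# exercise builds up step by step, for one AUTH2 host, as a single file.
# Usage: sh gen-nsd-conf.sh <my group> <master group> <TLD> [tsig-secret]
#   <my group>     your group number (XX)            -> ip-address 10.10.XX.2
#   <master group> group running the zone's master (X) -> 10.10.X.1
#   <tsig-secret>  optional base64 TSIG secret shared with the master; when
#                  given, notifies and transfers use the key instead of NOKEY
# Redirect the output to /usr/local/etc/nsd/nsd.conf on the AUTH2 host.

render_nsd_conf() {
    grp="$1"; master="$2"; tld="$3"; secret="${4:-}"
    keyname="grp${grp}-xfr"          # assumed key name, must match the master
    if [ -n "$secret" ]; then
        auth="$keyname"
    else
        auth="NOKEY"
    fi
    cat <<EOF
server:
        # Listen on the lab addresses and on loopback
        ip-address: 10.10.${grp}.2
        ip-address: fd90:10:10::${grp}:2
        ip-address: 127.0.0.1
        ip-address: ::1
        database: "/var/db/nsd/nsd.db"
        # identity answers CHAOS id.server queries; the lab uses "nsd 4.1.1"
        identity: "nsd 4.1.1"
        zonesdir: "/usr/local/etc/nsd"
        verbosity: 1

remote-control:
        # nsd-control talks over the TLS channel set up by nsd-control-setup;
        # the default control-interface is loopback only
        control-enable: yes
EOF
    if [ -n "$secret" ]; then
        cat <<EOF

key:
        name: "${keyname}"
        algorithm: hmac-sha256
        secret: "${secret}"
EOF
    fi
    cat <<EOF

zone:
        name: "${tld}"
        zonefile: "slave/${tld}.zone"
        # Master server: accept NOTIFY from it and pull the zone with AXFR.
        # With NOKEY neither message is authenticated; with a key both carry TSIG.
        allow-notify: 10.10.${master}.1 ${auth}
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.${master}.1 ${auth}
EOF
}

# Only render when invoked with arguments, so the file can also be sourced.
if [ $# -ge 3 ]; then
    render_nsd_conf "$@"
fi
```

Run it as root on the AUTH2 host with the output redirected to nsd.conf, check the result with nsd-checkconf nsd.conf, and then restart the service. When you use the TSIG variant, the same key: section has to exist on the master, which references the key name in its notify: and provide-xfr: lines for the zone.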
Reconfigure NSD's base, check status and that the zone transferred:

        # nsd-control reconfig
        # nsd-control status
        # nsd-control write MYTLD

(reconfig makes the running daemon read the new zone: stanza without a
restart; write makes it save the transferred zone to the zonefile. If the
transfer has not happened yet, nsd-control transfer MYTLD asks the master
for a fresh copy, and nsd-control zonestatus MYTLD shows the serial the
slave currently holds.)

Check the log file:

        # tail /var/log/daemon.log

Check that the transfer has happened:

        # ls -l slave/

should display:

        -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

Test that your new secondary is answering
-----------------------------------------

        # dig @127.0.0.1 SOA MYTLD.

The answer should have the aa (authoritative answer) flag set and carry the
same serial as the master.

Get your partner to set up their NSD server as a SLAVE for your zone
--------------------------------------------------------------------

Go back to the section "Add a SLAVE for your TLD zone" and get your partner
to repeat the instructions on their AUTH2 server.


If all is OK
------------

add "auth2.grpX.dns.nsrc.org" and "auth2.grpY.dns.nsrc.org" to the list of
NS records for your zone on the AUTH1 host - remember to increment the serial!

... when you modify the zone on AUTH1, it should send a NOTIFY to the two
AUTH2 servers about the zone change, and the AUTH2 servers should pick up the
new version.

To verify that the AUTH2 servers have picked up a new copy of the zone:

        # dig @auth2.grpX.dns.nsrc.org SOA MYTLD.
        # dig @auth2.grpX.dns.nsrc.org NS MYTLD.

and

        # dig @auth2.grpY.dns.nsrc.org SOA MYTLD.
        # dig @auth2.grpY.dns.nsrc.org NS MYTLD.

Make sure you see all the NS records, and that the SOA serial on each AUTH2
server matches the one on AUTH1!

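The dig checks in "Test that your new secondary is answering" and in the verification just above come down to one question: does every secondary serve the same SOA serial as the master? The following script, added here and not part of the original page, automates that comparison with dig +short. The hostnames in the usage line are assumed lab names, the SOA answer line in the comments is constructed, and dig must be installed on the host that runs it.

```shell
#!/bin/sh
# Added example, not part of the NSRC lab: compare the SOA serial served by
# the AUTH1 master with the serial on each AUTH2 secondary for one zone.
# Usage: sh check-sync.sh <zone> <master> <secondary> [<secondary> ...]
#   e.g. sh check-sync.sh MYTLD. auth1.grp25.dns.nsrc.org \
#            auth2.grp25.dns.nsrc.org auth2.grp26.dns.nsrc.org
# (hostnames above are assumed lab names; dig must be installed where this runs)

# Extract the serial from one line of "dig +short SOA" output, e.g. the
# constructed line
#   auth1.grp25.dns.nsrc.org. sysadm.grp25.dns.nsrc.org. 2015021701 3600 900 604800 3600
# SOA rdata has exactly seven fields and the serial is the third.  Anything
# else (an empty answer, a ";; connection timed out" message) yields no
# serial and a non-zero return code.
serial_from_soa() {
    set -f                       # no globbing while we word-split the line
    set -- $1
    set +f
    [ $# -eq 7 ] || return 1
    case "$3" in
        ''|*[!0-9]*) return 1 ;; # serial must be a plain decimal number
    esac
    printf '%s\n' "$3"
}

# Ask one server for the zone's SOA and print its serial; prints nothing if
# the server does not answer or the answer is not an SOA.
soa_serial() {
    ans=$(dig +short +time=2 +tries=1 "@$1" SOA "$2" 2>/dev/null | head -n 1) || ans=""
    serial_from_soa "$ans" || true
}

# Succeed only when every secondary serial equals the master's and none is empty.
serials_in_sync() {
    master="$1"; shift
    [ -n "$master" ] || return 1
    for s in "$@"; do
        [ "$s" = "$master" ] || return 1
    done
    return 0
}

# Report each host's serial and return non-zero if any secondary is stale
# (or unreachable).
check_zone() {
    zone="$1"; master_host="$2"; shift 2
    m=$(soa_serial "$master_host" "$zone")
    printf 'master    %-28s serial=%s\n' "$master_host" "${m:-NONE}"
    rc=0
    for h in "$@"; do
        s=$(soa_serial "$h" "$zone")
        if serials_in_sync "$m" "$s"; then state=ok; else state=STALE; rc=1; fi
        printf 'secondary %-28s serial=%s %s\n' "$h" "${s:-NONE}" "$state"
    done
    return $rc
}

# Run the check only when invoked with arguments, so the functions can also
# be sourced into another script.
if [ $# -ge 3 ]; then
    check_zone "$@"
fi
```

A STALE line right after you bumped the serial on AUTH1 usually means the NOTIFY never arrived or was refused (check allow-notify and the master's notify: list); a NONE line means the host did not answer for the zone at all, which is what you see before the first transfer has completed.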
Q: What else do you need to do to make your new NS public ?