Configuring NSD as SLAVE server
===============================

Log in using SSH/Putty/... to your AUTH2 machine:
-------------------------------------------------

    $ ssh sysadm@auth2.grpXX.dns.nsrc.org

First, make sure that your hostname is configured correctly on your
machine. Check it with the 'hostname' command, e.g. on
auth2.grpXX.dns.nsrc.org, if you type:

    # hostname

You should see:

    auth2.grpXX.dns.nsrc.org

If not, then configure your server with its name, e.g. for
auth2.grp25.dns.nsrc.org, type:

    # hostname auth2.grp25.dns.nsrc.org

Remember to replace "grpXX" with the proper group number!

Edit the file /etc/rc.conf (using "vi" or "ee", i.e.: ee /etc/rc.conf),
and update the "hostname":

    hostname="auth2.grpXX.dns.nsrc.org"

In the file /etc/hosts, you should see a line:

    10.10.X.2   auth2.grpXX auth2.grpXX.dns.nsrc.org

Configure the nsd server config
-------------------------------

    # cd /usr/local/etc/nsd/

Let's make a directory for slave zones to go into:

    # mkdir slave
    # chown nsd slave

Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
    # chmod 644 nsd.conf

Now edit the file nsd.conf, and make the following changes:

find the line:

    # ip-address: 12fe::8ef0

and just below it add:

    ip-address: 10.10.xx.2
    ip-address: fd90:10:10::XX:2
    ip-address: 127.0.0.1
    ip-address: ::1

find the line:

    # database: "/var/db/nsd/nsd.db"

and uncomment it (remove # in front):

    database: "/var/db/nsd/nsd.db"

find the line:

    # identity: "unidentified server"

and change it to:

    identity: "nsd 4.1.1"

find the line:

    # zonesdir: "/usr/local/etc/nsd"

and change it to:

    zonesdir: "/usr/local/etc/nsd"

find the line:

    # verbosity: 0

and change it to:

    verbosity: 1

Allow the nsd-control program to manage the server by adding:

    remote-control:
        control-enable: yes

Setup the nsd-control program
-----------------------------

    # nsd-control-setup

Start NSD!
----------

Edit /etc/rc.conf and add:

    nsd_enable="YES"

Start the service:

    # service nsd restart

At this point the server should be running without any data!

Add a SLAVE for your TLD zone
-----------------------------

Now let's add a slave for your TLD zone. Insert the following lines
at the end of the nsd.conf file, replacing the appropriate values for
your own zone:

    zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

Save the file and exit.

Reconfigure NSD, check the status and that the zone transferred:

    # nsd-control reconfig
    # nsd-control status
    # nsd-control write MYTLD

Check the log file:

    # tail /var/log/daemon.log

Check that the transfer has happened:

    # ls -l slave/

should display:

    -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

Test that your new secondary is answering
-----------------------------------------

    # dig @127.0.0.1 SOA MYTLD.

Get your partner to setup their NSD server as a SLAVE for your zone
-------------------------------------------------------------------

Go back to the section "Add a SLAVE for your TLD zone" and get your
partner to repeat the instructions on their AUTH2 server.

If all is OK
------------

Add "auth2.grpX.dns.nsrc.org" and "auth2.grpY.dns.nsrc.org" to your
list of NSes in your zone on the AUTH1 host - remember the serial!

... when you modify the zone on AUTH1, it should send notifies to the
two AUTH2 servers regarding the zone change, and the AUTH2 servers
should pick up the new version.

To verify that the AUTH2 servers have picked up a new copy of the zone:

    # dig @auth2.grpX.dns.nsrc.org SOA MYTLD.
    # dig @auth2.grpX.dns.nsrc.org NS MYTLD.

and

    # dig @auth2.grpY.dns.nsrc.org SOA MYTLD
    # dig @auth2.grpY.dns.nsrc.org NS MYTLD

Make sure you see all the NS records!

Q: What else do you need to do to make your new NS public ?
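
For the verification step above (checking that the AUTH2 servers picked
up the new zone), the following is an added example, not part of the
original worksheet: it compares the SOA serial each secondary serves with
the primary's, so a secondary that silently missed a NOTIFY or transfer
shows up as "behind". The function names and the sample SOA lines are
constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the worksheet): compare the SOA serial a secondary
# serves with the primary's, using the one-line output of `dig +short SOA`.

# Constructed sample answers: mname rname serial refresh retry expire minimum
SAMPLE_PRIMARY='ns1.example. hostmaster.example. 2024021702 3600 900 604800 3600'
SAMPLE_SECONDARY='ns1.example. hostmaster.example. 2024021701 3600 900 604800 3600'

# Print the serial (3rd field) of a well-formed SOA line, or nothing at all
# (timeouts, REFUSED and empty answers all yield no usable line).
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# serial_state PRIMARY_SERIAL SECONDARY_SERIAL
# Prints in-sync, behind, ahead or no-answer. Uses RFC 1982 serial arithmetic
# so a serial that wrapped past 2^32 is still ordered correctly.
serial_state() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo "no-answer"; return 0; fi
    diff=$(( ($1 - $2) & 4294967295 ))
    if [ "$diff" -eq 0 ]; then echo "in-sync"
    elif [ "$diff" -lt 2147483648 ]; then echo "behind"
    else echo "ahead"   # also covers the undefined distance of exactly 2^31
    fi
}

# compare_soa PRIMARY_SOA_LINE SECONDARY_SOA_LINE
compare_soa() {
    serial_state "$(soa_serial "$1")" "$(soa_serial "$2")"
}

# Live use: check_zone ZONE PRIMARY SECONDARY... (needs dig and network access)
check_zone() {
    zone=$1; primary=$2; shift 2
    p=$(dig +short +norecurse +time=2 +tries=1 @"$primary" SOA "$zone")
    for s in "$@"; do
        a=$(dig +short +norecurse +time=2 +tries=1 @"$s" SOA "$zone")
        echo "$s $(compare_soa "$p" "$a")"
    done
}

# With arguments, query real servers; without, run on the constructed samples.
if [ "$#" -ge 3 ]; then check_zone "$@"
else echo "sample secondary: $(compare_soa "$SAMPLE_PRIMARY" "$SAMPLE_SECONDARY")"
fi
```

Run it with the zone, the AUTH1 address and then each AUTH2 address as
arguments; "no-answer" means a server returned no usable SOA record.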