File dns-nsd-config.txt, 2.8 KB (added by regnauld, 8 years ago)

Configuring NSD

1. Log in using SSH/PuTTY/... to your AUTH machine:

        $ ssh -l adm auth.grpXX.ws.nsrc.org

2. On AUTH:

        # cd /usr/local/etc/nsd/

    Let's make a directory for slave zones to go into:

        # mkdir slave
        # chown bind slave

    Let's copy the default configuration file:

        # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

    Now edit the file nsd.conf, and make the following changes:

    - Find the line:

            # database: "/var/db/nsd/nsd.db"

      and uncomment it (remove the # in front):

            database: "/var/db/nsd/nsd.db"

    - Find the line:

            # identity: "unidentified server"

      and change it to:

            identity: "nsd 3.2.7"

    - Find the line:

            # zonesdir: "/usr/local/etc/nsd"

      and change it to:

            zonesdir: "/usr/local/etc/nsd"

    - Find the line:

            # verbosity: 0

      and change it to:

            verbosity: 1

    - Now let's add a slave for your TLD zone. Insert the following lines
      at the end of the file, replacing the appropriate values for your own
      zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -


    - Save the file and exit.

3. Start NSD!

    - Edit /etc/rc.conf and add:

        nsd_enable="YES"

        # /usr/local/etc/rc.d/nsd start

4. Rebuild and reload NSD's database

        # nsdc rebuild

    You will see something similar to this in the output:

...
warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
...

        # nsdc reload

        # tail /var/log/daemon.log

    You should see something similar to:

...
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.X.1 with serial 2011027618 to disk
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.10.X.1 in 1 parts"
...

    Make NSD write the zone file to disk:

        # nsdc patch

    You should see something like:

writing zone MYTLD to file slave/MYTLD.zone

    Verify that the file is there:

        # ls -l slave/

-rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

        # dig @127.0.0.1 MYTLD SOA


6. If all is OK, add "auth.grpX.ws.nsrc.org" to your list of NSes in your
   zone on the MASTER host - remember the serial!


    ... when you modified the zone on MASTER, it should have
    sent a notify to AUTH regarding the zone change, and AUTH should
    have picked up the new version.

    To verify that AUTH has picked up a new copy of the zone:

        # dig @auth.grpX.ws.nsrc.org SOA MYTLD
        # dig @auth.grpX.ws.nsrc.org NS MYTLD

    Make sure you see all NSes, including auth.grpX !

    Q: What else do you need to do to make your new NS public ?

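The verification in step 6 can be scripted by comparing the SOA serial that MASTER and AUTH each return. The script below is an added example, not part of the original lab sheet; the function names and the sample SOA answer lines (including ns1.MYTLD. and hostmaster.MYTLD.) are assumptions constructed for illustration, and the comparison uses RFC 1982 serial arithmetic so a wrapped serial is handled too.

```shell
#!/bin/sh
# Added example (not part of the original lab): compare MASTER and AUTH SOA serials.
# The SOA answer lines below are constructed; on the lab hosts, capture real ones with
#   dig +short @10.10.X.1 MYTLD SOA   and   dig +short @auth.grpX.ws.nsrc.org MYTLD SOA

# Print the serial (3rd field) of one "dig +short ... SOA" answer line; fail if absent.
soa_serial() {
    printf '%s\n' "$1" | awk '
        NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; found = 1; exit }
        END { if (!found) exit 1 }'
}

# RFC 1982 serial arithmetic on 32-bit serials: where is $1 relative to $2?
serial_cmp() {
    diff=$(( ($2 - $1 + 4294967296) % 4294967296 ))
    if   [ "$diff" -eq 0 ];          then echo equal
    elif [ "$diff" -lt 2147483648 ]; then echo behind
    elif [ "$diff" -gt 2147483648 ]; then echo ahead
    else echo undefined
    fi
}

# check_sync MASTER_SOA AUTH_SOA: 0 = in sync, 1 = serials differ, 2 = no answer.
check_sync() {
    ms=$(soa_serial "$1") || { echo "no SOA answer from MASTER"; return 2; }
    as=$(soa_serial "$2") || { echo "no SOA answer from AUTH"; return 2; }
    state=$(serial_cmp "$as" "$ms")
    echo "master=$ms auth=$as: AUTH is $state"
    [ "$state" = equal ]
}

# Constructed sample answers: MASTER was bumped to ...19, AUTH still serves ...18.
MASTER_SOA='ns1.MYTLD. hostmaster.MYTLD. 2011027619 3600 900 604800 86400'
AUTH_SOA='ns1.MYTLD. hostmaster.MYTLD. 2011027618 3600 900 604800 86400'
check_sync "$MASTER_SOA" "$AUTH_SOA" || echo "AUTH has not picked up the change yet"
```

If AUTH stays "behind" after the serial was raised on MASTER, look in /var/log/daemon.log on AUTH for the xfrd lines shown in step 4.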