Agenda: dns-nsd-config.txt

File dns-nsd-config.txt, 3.0 KB (added by admin, 7 years ago)
Configuring NSD

1. Log in using SSH/PuTTY/... to your AUTH machine:

    $ ssh -l adm auth.grpXX.ws.nsrc.org

2. On AUTH:

    # cd /usr/local/etc/nsd/

    Let's make a directory for slave zones to go into:

    # mkdir slave
    # chown bind slave

    Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
    # chmod 644 nsd.conf

    Now edit the file nsd.conf, and make the following changes:

    - find the line:

            # ip-address: 12fe::8ef0

      and just below it add:

            ip-address: 10.10.XX.3

    - find the line:

            # database: "/var/db/nsd/nsd.db"

      and uncomment it (remove # in front):

            database: "/var/db/nsd/nsd.db"

    - find the line:

            # identity: "unidentified server"

      and change it to:

            identity: "nsd 3.2.8"

    - find the line:

            # zonesdir: "/usr/local/etc/nsd"

      and change it to:

            zonesdir: "/usr/local/etc/nsd"

    - find the line:

            # verbosity: 0

      and change it to:

            verbosity: 1

    - Now let's add a slave for your TLD zone.  Insert the following lines
      at the end of the file, replacing the appropriate values for your own
      zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -


    - Save the file, exit

3. Start NSD!

    - edit /etc/rc.conf and add:

            nsd_enable="YES"

    # /usr/local/etc/rc.d/nsd start

4. Rebuild and reload NSD's database

    # nsdc patch
    # nsdc rebuild
    # nsdc update

    You will see something similar to this in the output:

...
warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
...

    # nsdc reload

    # tail /var/log/daemon.log

    You should see something similar to:

...
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.X.1 with serial 2011027618 to disk
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.10.X.1 in 1 parts"
...

    Make NSD write the zone file to disk:

    # nsdc patch

    You should see something like:

writing zone MYTLD to file slave/MYTLD.zone

    Verify that the file was written:

    # ls -l slave/

-rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

    # dig @127.0.0.1 MYTLD SOA


6. If all is OK, add "auth.grpX.ws.nsrc.org" to your list of NSes in your
   zone on the MASTER host - remember the serial!


   ... when you modified the zone on MASTER, it should have
   sent a notify to AUTH regarding the zone change, and AUTH should
   have picked up the new version.

   To verify that AUTH has picked up a new copy of the zone:

   # dig @auth.grpX.ws.nsrc.org SOA MYTLD
   # dig @auth.grpX.ws.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth.grpX!

   Q: What else do you need to do to make your new NS public?

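Added example (not part of the original lab file): the zone stanza in step 2 uses NOKEY on every ACL line, which means notifies and zone transfers are not authenticated with TSIG. The script below audits an nsd.conf read from stdin and lists each NOKEY entry per zone. The names audit_nokey, count_nokey and SAMPLE_CONF, the zone "example" and the key name "xfr-key" are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the lab. Reads an nsd.conf on stdin and prints
# one line per ACL entry that uses NOKEY (no TSIG authentication).
# Output format: zone<TAB>option<TAB>address

audit_nokey() {
    awk '
        { sub(/#.*/, "") }                    # drop comments, fields re-split
        NF == 1 && $1 ~ /:$/ {                # section header: zone:, key:, server:
            section = $1
            if (section == "zone:") zone = "(unnamed)"
            next
        }
        section == "zone:" && $1 == "name:" { gsub(/"/, "", $2); zone = $2 }
        section != "zone:" { next }           # key: also has name:, skip it
        $1 == "allow-notify:" || $1 == "provide-xfr:" {
            # <option>: <ip-spec> <key-name | NOKEY | BLOCKED>
            if ($3 == "NOKEY") printf "%s\t%s\t%s\n", zone, $1, $2
        }
        $1 == "request-xfr:" {
            # request-xfr: [AXFR|UDP] <ip-address> <key-name | NOKEY>
            if ($NF == "NOKEY") printf "%s\t%s\t%s\n", zone, $1, $(NF-1)
        }
    '
}

# Number of NOKEY entries in the configuration text passed as $1.
count_nokey() { printf '%s' "$1" | audit_nokey | wc -l | tr -d ' '; }

# Constructed sample: the stanza from step 2 with X=1, plus a hypothetical
# second zone whose ACLs name a TSIG key called "xfr-key".
SAMPLE_CONF='zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"
        # Master server
        allow-notify: 10.10.1.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.1.1 NOKEY
zone:
        name: "example"
        allow-notify: 10.10.1.1 xfr-key
        request-xfr: AXFR 10.10.1.1 xfr-key
'

# Stand-alone run: list the findings for the constructed sample.
printf '%s' "$SAMPLE_CONF" | audit_nokey
```

On the AUTH host the same function can be fed the real file, for example: audit_nokey < /usr/local/etc/nsd/nsd.conf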