Agenda: dns-nsd-config.txt

File dns-nsd-config.txt, 3.0 KB (added by admin, 6 years ago)
Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

        $ ssh -l adm auth2.grpXX.ws.nsrc.org

2. On AUTH2:

        # cd /usr/local/etc/nsd/

        Let's make a directory for slave zones to go into:

        # mkdir slave
        # chown bind slave

        Let's copy the default configuration file:

        # cp nsd.conf.sample nsd.conf
        # chmod 644 nsd.conf

        Now edit the file nsd.conf, and make the following changes:

        - find the line:

                # ip-address: 12fe::8ef0

        and just below it add

                ip-address: 10.10.xx.2
                ip-address: 127.0.0.1

        - find the line:

                # database: "/var/db/nsd/nsd.db"

        and uncomment it (remove # in front):

                database: "/var/db/nsd/nsd.db"

        - find the line:

                # identity: "unidentified server"

        and change it to:

                identity: "nsd 3.2.14"

        - find the line:

                # zonesdir: "/usr/local/etc/nsd"

        and change it to:

                zonesdir: "/usr/local/etc/nsd"

        - find the line:

                # verbosity: 0

        and change it to:

                verbosity: 1

        - Now let's add a slave for your TLD zone.  Insert the following lines
        at the end of the file, replacing the appropriate values for your own
        zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -
zone:
        name: "MYTLD"
        zonefile: "slave/MYTLD.zone"

        # Master server - replace X with the group of your master NS
        allow-notify: 10.10.X.1 NOKEY
        allow-notify: 127.0.0.1 NOKEY
        request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -


        - Save the file, exit

3. Start NSD!

        - edit /etc/rc.conf and add:

                nsd_enable="YES"

        # service nsd start

4. Rebuild and reload NSD's database

        # nsdc patch
        # nsdc rebuild
        # nsdc update

        You will see something similar in the output:

...
warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
...

        # nsdc reload

        # tail /var/log/daemon.log

        You should see something similar:

...
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.X.1 with serial 2011027618 to disk
Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.10.X.1 in 1 parts"
...

        Make NSD write the file to disk:

        # nsdc patch

        You should see something like:

writing zone MYTLD to file slave/MYTLD.zone

        Verify it is the case:

        # ls -l slave/

-rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

        # dig @127.0.0.1 MYTLD SOA


6. If all is OK, add "auth2.grpX.ws.nsrc.org" to your list of NSes in your
   zone on the AUTH1 host - remember the serial!


   ... when you modified the zone on AUTH1, it should have
   sent a notify to AUTH2 regarding the zone change, and AUTH2 should
   have picked up the new version.

   To verify that AUTH2 has picked up a new copy of the zone:

   # dig @auth2.grpX.ws.nsrc.org SOA MYTLD
   # dig @auth2.grpX.ws.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth2.grpX!

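The checks from steps 5 and 6 as a script, an added example that is not part of the original handout: it compares the SOA serial on the master and the secondary using RFC 1982 serial arithmetic and confirms that a name server appears in the NS set. The function names and the script file name are this example's own, and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original handout). Function names are this
# example's own; addresses and host names are the lab's placeholders.

# Serial = 3rd field of one line of `dig +short SOA` output, e.g. (constructed):
#   ns1.example. hostmaster.example. 2011027618 10800 3600 604800 3600
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Compare serials with RFC 1982 arithmetic, so a serial that has wrapped
# past 2^32 is still recognised as newer. Prints the secondary's state.
compare_serials() {
    diff=$(( ($1 - $2) & 4294967295 ))      # (master - secondary) mod 2^32
    if [ "$diff" -eq 0 ]; then echo in-sync
    elif [ "$diff" -lt 2147483648 ]; then echo secondary-behind
    else echo secondary-ahead
    fi
}

# True if name $1 is in the `dig +short NS` output $2 (case and trailing
# dot are ignored).
ns_listed() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' "$2" | tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -qxF "${want%.}"
}

# check_zone ZONE MASTER SECONDARY NSNAME: query both servers with dig.
check_zone() {
    m=$(soa_serial "$(dig +short @"$2" "$1" SOA)")
    s=$(soa_serial "$(dig +short @"$3" "$1" SOA)")
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo "$1: no SOA answer (master='$m' secondary='$s')"; return 2
    fi
    state=$(compare_serials "$m" "$s")
    echo "$1: master=$m secondary=$s -> $state"
    ns_listed "$4" "$(dig +short @"$3" "$1" NS)" || { echo "$1: $4 not in NS set"; return 1; }
    [ "$state" = in-sync ]
}

# Usage (file name is arbitrary):
#   sh check-secondary.sh MYTLD 10.10.X.1 127.0.0.1 auth2.grpX.ws.nsrc.org
if [ "$#" -eq 4 ]; then check_zone "$@"; fi
```
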
   Q: What else do you need to do to make your new NS public?