Configuring NSD

1. Log in using SSH/Putty/... to your AUTH2 machine:

    $ ssh -l adm auth2.grpXX.ws.nsrc.org

2. On AUTH2:

    # cd /usr/local/etc/nsd/

   Let's make a directory for slave zones to go into:

    # mkdir slave
    # chown bind slave

   Let's copy the default configuration file:

    # cp nsd.conf.sample nsd.conf
    # chmod 644 nsd.conf

   Now edit the file nsd.conf, and make the following changes:

   - find the line:

        # ip-address: 12fe::8ef0

     and just below it add

        ip-address: 10.10.xx.2
        ip-address: 127.0.0.1

   - find the line:

        # database: "/var/db/nsd/nsd.db"

     and uncomment it (remove # in front):

        database: "/var/db/nsd/nsd.db"

   - find the line:

        # identity: "unidentified server"

     and change it to:

        identity: "nsd 3.2.14"

   - find the line:

        # zonesdir: "/usr/local/etc/nsd"

     and change it to:

        zonesdir: "/usr/local/etc/nsd"

   - find the line:

        # verbosity: 0

     and change it to:

        verbosity: 1

   - Now let's add a slave for your TLD zone. Insert the following lines
     at the end of the file, replacing the appropriate values for your
     own zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -

zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"

    # Master server - replace X with the group of your master NS
    allow-notify: 10.10.X.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - -

   Save the file and exit.

3. Start NSD!

   - edit /etc/rc.conf and add:

        nsd_enable="YES"

    # service nsd start

4. Rebuild and reload NSD's database

    # nsdc patch
    # nsdc rebuild
    # nsdc update

   You will see something similar in the output:

    ...
    warning: slave zone ocean with no zonefile 'slave/MYTLD.zone'(No such file or directory) will force zone transfer.
    ...

    # nsdc reload
    # tail /var/log/daemon.log

   You should see something similar:

    ...
    Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.X.1 with serial 2011027618 to disk
    Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD committed "xfrd: zone MYTLD received update to serial 2011027618 at time 1297898760 from 10.10.X.1 in 1 parts"
    ...

   Make NSD write the file to disk:

    # nsdc patch

   You should see something like:

    writing zone MYTLD to file slave/MYTLD.zone

   Verify that this is the case:

    # ls -l slave/
    -rw-r--r--  1 root  wheel  414 Feb 17 07:28 MYTLD.zone

5. Test that your new secondary is answering:

    # dig @127.0.0.1 MYTLD SOA

6. If all is OK, add "auth2.grpX.ws.nsrc.org" to your list of NSes in your
   zone on the AUTH1 host - remember the serial!

   ... when you modified the zone on AUTH1, it should have sent a notify
   to AUTH2 regarding the zone change, and AUTH2 should have picked up
   the new version.

   To verify that AUTH2 has picked up a new copy of the zone:

    # dig @auth2.grpX.ws.nsrc.org SOA MYTLD
    # dig @auth2.grpX.ws.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth2.grpX!

   Q: What else do you need to do to make your new NS public?
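
The script below is an added example, not part of the original exercise: it cross-checks the xfrd "received XFR" log lines from step 4 against the request-xfr masters configured in step 2, which is worth doing because the NOKEY ACLs there match peers by source address only. Group number 5, the second log line and the address 10.10.9.9 are constructed sample values, and check_xfr is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: confirm each logged zone transfer came from a configured master.

# Constructed sample: the zone stanza from step 2, assuming the master is group 5.
SAMPLE_CONF='zone:
    name: "MYTLD"
    zonefile: "slave/MYTLD.zone"
    # Master server
    allow-notify: 10.10.5.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.10.5.1 NOKEY'

# Constructed sample: daemon.log lines in the format shown in step 4.
SAMPLE_LOG='Feb 17 07:26:00 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.5.1 with serial 2011027618 to disk
Feb 17 07:31:12 auth nsd[12332]: xfrd: zone MYTLD written received XFR from 10.10.9.9 with serial 2011027619 to disk'

# check_xfr CONF_TEXT LOG_TEXT
# Prints "zone serial source OK|UNEXPECTED" for every "received XFR" log line.
# UNEXPECTED means the source is not a request-xfr master of that zone.
check_xfr() {
    printf '%s\n---LOG---\n%s\n' "$1" "$2" | awk '
        /^---LOG---$/ { inlog = 1; next }
        !inlog {
            sub(/#.*/, "")                      # strip nsd.conf comments
            if ($1 == "name:") { zone = $2; gsub(/"/, "", zone) }
            # request-xfr: [AXFR|UDP] <ip> <key>, so the IP is field NF-1
            if ($1 == "request-xfr:" && NF >= 3) master[zone, $(NF-1)] = 1
            next
        }
        /xfrd: zone .* received XFR from / {
            for (i = 1; i < NF; i++) {
                if ($i == "zone")   z   = $(i+1)
                if ($i == "from")   src = $(i+1)
                if ($i == "serial") ser = $(i+1)
            }
            status = ((z, src) in master) ? "OK" : "UNEXPECTED"
            print z, ser, src, status
        }'
}

check_xfr "$SAMPLE_CONF" "$SAMPLE_LOG"
```

On the lab machine, pass the real files instead of the samples: check_xfr "$(cat /usr/local/etc/nsd/nsd.conf)" "$(cat /var/log/daemon.log)".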