| 1 | Configuring NSD |
|---|
| 2 | |
|---|
| 3 | 1. Log into your AUTH2 machine (10.10.X.2) and : |
|---|
| 4 | |
|---|
| 5 | # cd /usr/local/etc/nsd/ |
|---|
| 6 | |
|---|
| 7 | Now edit the file nsd.conf, and make the following changes: |
|---|
| 8 | |
|---|
| 9 | - find the line: |
|---|
| 10 | |
|---|
| 11 | # verbosity: 0 |
|---|
| 12 | |
|---|
| 13 | and change it to: |
|---|
| 14 | |
|---|
| 15 | verbosity: 1 |
|---|
| 16 | |
|---|
| 17 | - Now let's add a slave for your TLD zone. Insert the following lines, |
|---|
| 18 | at the end of the file, replacing the appropriate values for your own |
|---|
| 19 | zone: |
|---|
| 20 | |
|---|
| 21 | - - - - - - - - - - - - - - - cut below - - - - - - - - - - - - - |
|---|
| 22 | zone: |
|---|
| 23 | name: "MYTLD" |
|---|
| 24 | zonefile: "MYTLD" |
|---|
| 25 | |
|---|
| 26 | # Master server - replace X with the group of your master NS |
|---|
| 27 | allow-notify: 10.10.X.1 NOKEY |
|---|
| 28 | allow-notify: 127.0.0.1 NOKEY |
|---|
| 29 | request-xfr: AXFR 10.10.X.1 NOKEY |
|---|
| 30 | |
|---|
| 31 | - - - - - - - - - - - - - - - cut above - - - - - - - - - - - - - |
|---|
| 32 | |
|---|
| 33 | - find the line: |
|---|
| 34 | |
|---|
| 35 | port: 55 |
|---|
| 36 | |
|---|
| 37 | and change it to: |
|---|
| 38 | |
|---|
| 39 | port: 53 |
|---|
| 40 | |
|---|
| 41 | - Save the file, exit |
|---|
| 42 | |
|---|
| 43 | |
|---|
| 44 | 2. Start NSD! |
|---|
| 45 | |
|---|
| 46 | # nsd -c /usr/local/etc/nsd/nsd.conf |
|---|
| 47 | |
|---|
| 48 | and check that nsd is running with |
|---|
| 49 | |
|---|
| 50 | # tail /etc/namedb/master/nsd.log |
|---|
| 51 | # ps ax | grep nsd |
|---|
| 52 | |
|---|
| 53 | |
|---|
| 54 | 3. Test that your new secondary is answering: |
|---|
| 55 | |
|---|
| 56 | # dig @127.0.0.1 MYTLD SOA |
|---|
| 57 | |
|---|
| 58 | 4. Controlling NSD |
|---|
| 59 | |
|---|
| 60 | To cause the NSD daemon to reload the zone: |
|---|
| 61 | |
|---|
| 62 | # kill -HUP `cat /etc/namedb/master/nsd.pid` |
|---|
| 63 | |
|---|
| 64 | To stop the NSD program: |
|---|
| 65 | |
|---|
| 66 | # kill `cat /etc/namedb/master/nsd.pid` |
|---|
| 67 | |
|---|
| 68 | To check if it is running: |
|---|
| 69 | |
|---|
| 70 | # ps ax | grep nsd |
|---|
| 71 | |
|---|
| 72 | |
|---|
| 73 | 5. If all is OK, add "auth2.grpX.dns.nsrc.org" to your list of NSes in |
|---|
| 74 | your zone file on the AUTH1 host |
|---|
| 75 | |
|---|
| 76 | - remember to increment the serial! |
|---|
| 77 | |
|---|
| 78 | ... when you modified the zone on AUTH1, it should have |
|---|
| 79 | sent a notify to auth2.grpX.dns.nsrc.org regarding the |
|---|
| 80 | zone change, and it should have picked up the new version. |
|---|
| 81 | |
|---|
| 82 | To verify that auth2.grpX.dns.nsrc.org has picked up a new copy of the zone: |
|---|
| 83 | |
|---|
| 84 | # dig @auth2.grpX.dns.nsrc.org SOA MYTLD |
|---|
| 85 | # dig @auth2.grpX.dns.nsrc.org NS MYTLD |
|---|
| 86 | |
|---|
| 87 | (and check your other slave NS as well) |
|---|
| 88 | |
|---|
| 89 | Make sure you see all NSes, including auth2.grpX ! |
|---|
| 90 | |
|---|
| 91 | Q: What else do you need to do to make your new NS public ? |
|---|
| 92 | |
|---|
| 93 | (hint: dig @a.root-servers.net NS MYTLD ) |
|---|
