Setting up nsd DNS server: Difference between revisions
mNo edit summary
(replace /etc/init.d with rc-service)
(2 intermediate revisions by 2 users not shown)
Latest revision as of 10:32, 17 November 2023
NSD is an authoritative-only DNS server. This page shows how to set up a single-zone configuration with two servers: a master, where updates are made, and a slave, to which changes are replicated automatically. In the examples, 10.1.0.1 is the master server's IP address and 10.2.0.1 is the slave's. Replace these IP addresses (and the domain) with those of your own servers.
Install
Installation is simple (perform this step on both servers):
apk add nsd
Configure
First, set up the main configuration file on the master server, /etc/nsd/nsd.conf, replacing the secret with a proper one:
<pre>
server:
    ip-address: 10.1.0.1
    port: 53
    server-count: 1
    ip4-only: yes
    hide-version: yes
    identity: ""
    zonesdir: "/etc/nsd"

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "WhateverSecretYouUse"

zone:
    name: alpinelinux.org
    zonefile: alpinelinux.org.zone
    notify: 10.2.0.1 sec_key
    provide-xfr: 10.2.0.1 sec_key
</pre>
Next create the zone file for the zone in question (/etc/nsd/alpinelinux.org.zone in this case):
<pre>
;## alpinelinux.org authoritative zone

$ORIGIN alpinelinux.org.
$TTL 86400

@ IN SOA ns1.alpinelinux.org. webmaster.alpinelinux.org. (
                2011100501      ; serial
                28800           ; refresh
                7200            ; retry
                86400           ; expire
                86400           ; min TTL
                )

                NS      ns1.alpinelinux.org.
                MX      10 mail.alpinelinux.org.
lists           MX      10 mail.alpinelinux.org.

@               IN A    81.175.82.11
mail            IN A    64.56.207.219
www             IN A    81.175.82.11
www-prd         IN A    74.117.189.132
www-qa          IN A    74.117.189.131
wiki            IN A    74.117.189.132
lists           IN A    64.56.207.219
monitor         IN A    213.234.126.133
bugs            IN A    81.175.82.11
nl              IN A    81.175.82.11
dl-2            IN A    208.74.141.33
dl-3            IN A    74.117.189.132
dl-4            IN A    64.56.207.216
rsync           IN A    81.175.82.11
distfiles       IN A    91.220.88.29
build-edge      IN A    91.220.88.23
build64-edge    IN A    204.152.221.26
build-2-2       IN A    91.220.88.34
build64-2-2     IN A    91.220.88.35
build-2-1       IN A    91.220.88.32
build-2-0       IN A    91.220.88.31
build-1-10      IN A    91.220.88.26
</pre>
On the slave server, set up /etc/nsd/nsd.conf:
<pre>
server:
    ip-address: 10.2.0.1
    port: 53
    server-count: 1
    ip4-only: yes
    hide-version: yes
    identity: ""
    zonesdir: "/etc/nsd"

key:
    name: "sec_key"
    algorithm: hmac-md5
    secret: "WhateverSecretYouUse"

zone:
    name: alpinelinux.org
    zonefile: alpinelinux.org.zone
    allow-notify: 10.1.0.1 sec_key
    request-xfr: AXFR 10.1.0.1 sec_key
</pre>
Create the zone file /etc/nsd/alpinelinux.org.zone as well, on the slave.
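Both nsd.conf files above authenticate NOTIFY and zone transfers with the shared sec_key TSIG key, whose secret is a base64 string. The following shell functions are an added example, not part of the original wiki page: they generate a random 256-bit secret, print a key: block that uses hmac-sha256 in place of the page's hmac-md5, and audit the key in an existing nsd.conf. The function names are made up for this example, and it assumes one key: block per file and an NSD build that accepts hmac-sha256.

```shell
#!/bin/sh
# Added example: generate and audit the TSIG key shared by master and slave.
# Function names are hypothetical; assumes a single key: block per nsd.conf.

# Print a fresh 256-bit secret, base64-encoded as the "secret:" option expects.
gen_tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the decoded length in bytes of a base64 secret; fail if it is not base64.
tsig_secret_bytes() {
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$1" | base64 -d | wc -c | tr -d ' '
}

# Print a key: block for the given key name (e.g. sec_key) with a new secret.
emit_key_block() {
    printf 'key:\n    name: "%s"\n    algorithm: hmac-sha256\n    secret: "%s"\n' \
        "$1" "$(gen_tsig_secret)"
}

# Audit the first key: block in the nsd.conf given as $1.
# Returns 0 only if it uses hmac-sha256 and the secret decodes to >= 32 bytes.
audit_nsd_key() {
    alg=$(awk '$1 == "algorithm:" { print $2; exit }' "$1")
    sec=$(awk '$1 == "secret:" { gsub(/"/, "", $2); print $2; exit }' "$1")
    rc=0
    case "$alg" in
        hmac-sha256) ;;
        *) echo "TSIG algorithm is ${alg:-unset}, expected hmac-sha256"; rc=1 ;;
    esac
    n=$(tsig_secret_bytes "$sec") || { echo "secret is not valid base64"; return 1; }
    [ "$n" -ge 32 ] || { echo "secret decodes to only $n bytes, want >= 32"; rc=1; }
    return $rc
}

emit_key_block sec_key
```

Paste the same generated key: block into both servers' nsd.conf, then run audit_nsd_key /etc/nsd/nsd.conf on each box.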
Start Server
First step, make sure you don't have any typos in your configurations (on both boxes):
nsd-checkconf /etc/nsd/nsd.conf
Then each time a change is made to the zone (including when you first start the server), you need to rebuild the NSD zone databases:
nsdc rebuild
Finally, start the server and set it to auto-start:
rc-service nsd start
rc-update add nsd