Setting up nsd DNS server: Difference between revisions

From Alpine Linux
(update link)
(replace /etc/init.d with rc-service)
 
Line 99: Line 99:
{{Cmd|nsdc rebuild}}
{{Cmd|nsdc rebuild}}
Finally, start the server and set it to auto-start:
Finally, start the server and set it to auto-start:
{{Cmd|/etc/init.d/nsd start
{{Cmd|rc-service nsd start
rc-update add nsd}}
rc-update add nsd}}



Latest revision as of 10:32, 17 November 2023

NSD is an authoritative-only DNS server. The following page shows how to setup a single-zone configuration, with one server being a master where updates are made, and a slave which will have changes replicated to it automatically. In the examples 10.1.0.1 is used as the master server's IP address, 10.2.0.1 is the slave address. The IP addresses used here (along with the domain) should be replaced with the IP addresses of your servers.

Install

Installation is simple (perform this step on both servers):

apk add nsd

Configure

First, setup the main configuration file on the master server, /etc/nsd/nsd.conf, replacing the secret with a proper one:

server:
        ip-address: 10.1.0.1
        port: 53
        server-count: 1
        ip4-only: yes
        hide-version: yes
        identity: ""
        zonesdir: "/etc/nsd"
key:
        name: "sec_key"
        algorithm: hmac-md5
        secret: "WhateverSecretYouUse"
zone:
        name: alpinelinux.org
        zonefile: alpinelinux.org.zone
        notify: 10.2.0.1 sec_key
        provide-xfr: 10.2.0.1 sec_key

Next create the zone file for the zone in question (/etc/nsd/alpinelinux.org.zone in this case):


;## alpinelinux.org authoritative zone

$ORIGIN alpinelinux.org.
$TTL 86400

@ IN SOA ns1.alpinelinux.org. webmaster.alpinelinux.org. (
                2011100501      ; serial
                28800           ; refresh
                7200            ; retry
                86400           ; expire
                86400           ; min TTL
                )

                NS              ns1.alpinelinux.org.
                MX      10      mail.alpinelinux.org.
lists           MX      10      mail.alpinelinux.org.
@               IN      A       81.175.82.11
mail            IN      A       64.56.207.219
www             IN      A       81.175.82.11
www-prd         IN      A       74.117.189.132
www-qa          IN      A       74.117.189.131
wiki            IN      A       74.117.189.132
lists           IN      A       64.56.207.219
monitor         IN      A       213.234.126.133
bugs            IN      A       81.175.82.11
nl              IN      A       81.175.82.11
dl-2            IN      A       208.74.141.33
dl-3            IN      A       74.117.189.132
dl-4            IN      A       64.56.207.216
rsync           IN      A       81.175.82.11
distfiles       IN      A       91.220.88.29
build-edge      IN      A       91.220.88.23
build64-edge    IN      A       204.152.221.26
build-2-2       IN      A       91.220.88.34
build64-2-2     IN      A       91.220.88.35
build-2-1       IN      A       91.220.88.32
build-2-0       IN      A       91.220.88.31
build-1-10      IN      A       91.220.88.26

On the slave server, set up /etc/nsd/nsd.conf:

server:
        ip-address: 10.2.0.1
        port: 53
        server-count: 1
        ip4-only: yes
        hide-version: yes
        identity: ""
        zonesdir: "/etc/nsd"
key:
       name: "sec_key"
        algorithm: hmac-md5
        secret: "WhateverSecretYouUse"
zone:
        name: alpinelinux.org
        zonefile: alpinelinux.org.zone
        allow-notify: 10.1.0.1 sec_key
        request-xfr: AXFR 10.1.0.1 sec_key

Create the zone file /etc/nsd/alpinelinux.org.zone as well, on the slave.

Start Server

First step, make sure you don't have any typos in your configurations (on both boxes):

nsd-checkconf /etc/nsd/nsd.conf

Then each time a change is made to the zone (including when you first start the server), you need to rebuild the NSD zone databases:

nsdc rebuild

Finally, start the server and set it to auto-start:

rc-service nsd start rc-update add nsd

Tip: You've now got a set of DNS servers that will each answer with authoritative data for the given zone, and whenever updates are made to the master server, they are replicated using a zone transfer to the slave box.