[nsd-users] First post in the list

Greg A. Woods woods at planix.ca
Tue Oct 11 22:42:50 CEST 2011


At Tue, 11 Oct 2011 14:51:01 -0500, ficovh Valladolid <ficovh at gmail.com> wrote:
Subject: [nsd-users] First post in the list
> 
> I'm a BSD user, and am experimenting with NSD on an OpenBSD box: does anyone have
> samples or a config for setting up NSD on OpenBSD?
> Is anyone using it on BSD successfully?

I'm using NSD successfully on NetBSD, and have been doing so for some
time now, and in several different settings.

I think for the most part any differences between OpenBSD and NetBSD are
irrelevant for use of NSD.

I'm building and installing NSD from NetBSD pkgsrc (more or less -- I
have local patches to fix a few cosmetic issues with the pkgsrc module
itself and add features to the rc.d script, but no local patches to the
NSD code).

I append the following two lines to /etc/daily.local:

	# do daily flush of /var/db/nsd/nsd-ixfrd.db
	su -m nsd -c '/usr/pkg/sbin/nsdc patch'

----------------------------------------
#
#	nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#

# global options for the nsd server
#
server:
	# uncomment to specify specific interfaces to bind (default all).
	#ip-address: 1.2.3.4
	#ip-address: 12fe::8ef0
	ip-address: 204.92.254.5

	# port to answer queries on. default is 53.
	#port: 53

	# listen only on IPv4 connections
	ip4-only: yes

	# listen only on IPv6 connections
	# ip6-only: no

	# the database to use.
	database: "/var/db/nsd/nsd.db"

	# whether or not to hide the server's identity (not necessary!)
	hide-version: no

	# log messages to file. Default to stderr and syslog.
	#logfile: "/var/log/nsd.log"

	# Number of NSD servers to fork.
	#server-count: 1

	# Maximum number of concurrent TCP connections per server.
	tcp-count: 100

	# File to store pid for nsd in.
	#pidfile: "/var/run/nsd.pid"

	# statistics are produced every number of seconds.
	statistics: 3600

	# After binding socket, drop user privileges.
	# can be a username, id or id.gid.
	username: nsd

	# The directory for zonefile: files.
	#zonesdir: "/etc/nsd"

	# The file where incoming zone transfers are stored.
	# run nsd-patch to update zone files, then you can safely delete it.
	difffile: "/var/db/nsd/nsd-ixfr.db"

	# The file where secondary zone refresh and expire timeouts are kept.
	# If you delete this file, all secondary zones are forced to be 
	# 'refreshing' (as if nsd got a notify).
	xfrdfile: "/var/db/nsd/nsd-xfrd.state"

	# Number of seconds between reloads triggered by xfrd.
	#xfrd-reload-timeout: 10

	# Verbosity level.
	verbosity: 2

# the following zones should be in every nameserver as per RFC 1912
#
# They have no secondaries, and provide no notifies (but are freely
# transferable).  These zones are most critical in caching resolvers
# and forwarders, but may still provide some benefit in
# authoritative-only nameservers.
#
zone:
	name: "0.in-addr.arpa"
	zonefile: "master/0"
	provide-xfr: 0.0.0.0/0 NOKEY
#
zone:
	name: "255.in-addr.arpa"
	zonefile: "master/255"
	provide-xfr: 0.0.0.0/0 NOKEY
#
#	the ipv4 loopback forward and reverse-lookup zones...
#
# a "top-level" domain to name the loopback interface(s)...
#
zone:
	name: "localhost"
	zonefile: "master/localhost"
	provide-xfr: 0.0.0.0/0 NOKEY
#
# The 127/8 reverse zones also provide a pedantic example of how
# reverse zones for class-A and class-B subnets should be delegated so
# that you can manage each sub-zone from a separate file...
#
zone:
	name: "127.IN-ADDR.ARPA"
	zonefile: "master/127"
	provide-xfr: 0.0.0.0/0 NOKEY
#
zone:
	name: "0.127.IN-ADDR.ARPA"
	zonefile: "master/127.0"
	provide-xfr: 0.0.0.0/0 NOKEY
#
zone:
	name: "0.0.127.IN-ADDR.ARPA"
	zonefile: "master/127.0.0"
	provide-xfr: 0.0.0.0/0 NOKEY
#
zone:
	name: "255.127.IN-ADDR.ARPA"
	zonefile: "master/127.255"
	provide-xfr: 0.0.0.0/0 NOKEY
#
zone:
	name: "255.255.127.IN-ADDR.ARPA"
	zonefile: "master/127.255.255"
	provide-xfr: 0.0.0.0/0 NOKEY


# the rest of the configuration is included from separate files for
# easier maintenance -- i.e. this file can be updated independently of
# whatever zones this server handles.
#
include: "/etc/nsd/nsd-keys.conf"

include: "/etc/nsd/nsd-master.conf"

include: "/etc/nsd/nsd-slave.conf"

----------------------------------------
#
#	nsd-keys.conf
#
# currently empty....
----------------------------------------
#
#	nsd-master.conf
#
# public zones for which this server is auth
#
zone:
	name: "weird.ca"
	zonefile: "master/weird.ca"
	provide-xfr: 0.0.0.0/0 NOKEY

# ... and so on ...
----------------------------------------
#
#	nsd-slave.conf
#
# public zones which this server slaves from some other master
#
zone:
	name: "PhaedraV.com"
	zonefile: "/var/db/nsd/PhaedraV.com"
	allow-notify: 216.138.231.224 NOKEY
	request-xfr: 216.138.231.224 NOKEY
	allow-notify: 127.0.0.1 NOKEY
	allow-notify: 204.92.254.5 NOKEY
	provide-xfr: 0.0.0.0/0 NOKEY
	outgoing-interface: 204.92.254.5

# ... and so on ...
----------------------------------------

And here are the necessary master files, suitable for use at any and all
sites, as a shell archive:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	0
#	255
#	localhost
#	127
#	127.0
#	127.0.0
#	127.255
#	127.255.255
#
echo x - 0
sed 's/^X//' >0 << 'END-of-0'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 0.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost. (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"To stop bogus queries for net 0, as per RFC 1912."
X
X; there should be no other records in here.
END-of-0
echo x - 255
sed 's/^X//' >255 << 'END-of-255'
X;#ident	"@(#)namedb:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 255.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost. (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"To stop bogus queries for net 255, as per RFC 1912."
X
X; there should be no other records in here.
END-of-255
echo x - localhost
sed 's/^X//' >localhost << 'END-of-localhost'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 24w		; the default TTL for all records listed in this file
X
X;$ORIGIN localhost.
X@	IN	SOA	localhost. hostmaster.localhost. (
X				2003073113	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				16h )		; negative response TTL
X	IN	NS	localhost.
X	IN	A	127.0.0.1	; as per RFC 1912
X	IN	AAAA	::1
X	IN	HINFO	VIRTUAL UNKNOWN
X	IN	TXT	"The default loopback interface"
X
X; these names in the localhost zone are for RFC-1101 network names
X
Xloopback-net	IN	A	127.0.0.0
X		IN	HINFO	NETWORK NONE
X		IN	TXT	"The default IPv4 loopback network"
X
Xloopback-bcast	IN	A	127.255.255.255
X		IN	HINFO	NETWORK NONE
X		IN	TXT	"The default IPv4 loopback broadcast address (unused in most stacks)."
X
X; there can be no other records in here.
END-of-localhost
echo x - 127
sed 's/^X//' >127 << 'END-of-127'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 127.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost.  (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"The IPv4 LOOPBACK net reverse parent zone."
X
X; delegate sub-zones
X0	IN	NS	localhost.
X255	IN	NS	localhost.
END-of-127
echo x - 127.0
sed 's/^X//' >127.0 << 'END-of-127.0'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 0.127.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost.  (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"The IPv4 LOOPBACK net intermediate reverse zone."
X
X; delegate sub-zone(s)
X0	IN	NS	localhost.
END-of-127.0
echo x - 127.0.0
sed 's/^X//' >127.0.0 << 'END-of-127.0.0'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 24w		; the default TTL for all records listed in this file
X
X;$ORIGIN 0.0.127.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost.  (
X				2003073113	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				16h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"The IPv4 LOOPBACK net reverse zone."
X
X; reverse lookup for the loopback network interface and its RFC-1101
X; network name, as well as an A RR that gives the netmask:
X;
X0	IN	PTR	loopback-net.localhost.
X	IN	A	255.0.0.0
X	IN	TXT	"The loopback interface network and its netmask."
X
X; NOTE: do NOT create a "localhost.your.domain" vanity A record -- use a CNAME instead!
X;
X1	IN	PTR	localhost.
X	IN	TXT	"The pointer to _the_ canonical localhost."
X
X; there can be no other records in this zone.
END-of-127.0.0
echo x - 127.255
sed 's/^X//' >127.255 << 'END-of-127.255'
X;#ident	"@(#)namedb:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 255.127.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost.  (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"The IPv4 LOOPBACK net's intermediate broadcast reverse zone."
X
X; delegate sub-zones
X255	IN	NS	localhost.
END-of-127.255
echo x - 127.255.255
sed 's/^X//' >127.255.255 << 'END-of-127.255.255'
X;#ident	"@(#)namedb/master:$Id$"
X
X$TTL 6w		; the default TTL for all records listed in this file
X
X;$ORIGIN 255.255.127.IN-ADDR.ARPA.
X@	IN	SOA	localhost. hostmaster.localhost.  (
X				2001092700	; Serial number (yyyymmddhh)
X				8h		; Refresh Interval
X				2h		; Refresh Retry Interval
X				24w		; Expire time (24w max for BIND-8.2.3)
X				8h )		; negative response TTL
X	IN	NS	localhost.
X	IN	TXT	"The IPv4 LOOPBACK net's broadcast reverse zone."
X
X255	PTR	loopback-bcast.localhost.
X	IN	TXT	"The loopback network broadcast (usually unused)."
END-of-127.255.255
exit

-- 
						Greg A. Woods
						Planix, Inc.

<woods at planix.com>       +1 250 762-7675        http://www.planix.com/
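A small audit of the ACL style used in the configs above, added here as an example and not part of Greg's post or of NSD itself: it parses nsd.conf-style zone: blocks and lists zones whose provide-xfr is open to any source without TSIG, or whose allow-notify / request-xfr peers are NOKEY. For the RFC 1912 zones that openness is deliberate, as the post says; the check is for spotting it on the public zones in nsd-master.conf and nsd-slave.conf. The embedded config is a constructed excerpt; example.test and xfr-key are assumed names.

```python
SAMPLE_CONF = """\
# constructed excerpt in nsd.conf(5) syntax; ACL values mirror the post
server:
zone:
    name: "0.in-addr.arpa"
    provide-xfr: 0.0.0.0/0 NOKEY
zone:
    name: "PhaedraV.com"
    allow-notify: 216.138.231.224 NOKEY
    request-xfr: 216.138.231.224 NOKEY
    provide-xfr: 0.0.0.0/0 NOKEY
zone:
    name: "example.test"
    provide-xfr: 192.0.2.0/24 xfr-key
"""

def parse_zones(text):
    """Collect each zone: block as {attribute: [values]}; other clauses are skipped."""
    zones, cur = [], None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()        # drop comments and whitespace
        if not line:
            continue
        key, _, value = line.partition(':')
        key, value = key.strip(), value.strip()
        if not value:                               # clause header: "server:" / "zone:"
            cur = {} if key == 'zone' else None
            if cur is not None:
                zones.append(cur)
        elif cur is not None:                       # attribute inside a zone: block
            cur.setdefault(key, []).append(value.strip('"'))
    return zones

def is_world_open(acl):
    """True when an ACL grants every source address and requires no TSIG key."""
    parts = acl.split()
    return len(parts) == 2 and parts[0] in ('0.0.0.0/0', '::/0') and parts[1] == 'NOKEY'

def audit(text):
    """Return {zone name: [findings]} for zones whose transfer/notify ACLs lack TSIG."""
    findings = {}
    for z in parse_zones(text):
        issues = [f'provide-xfr open to the world without TSIG: {a}'
                  for a in z.get('provide-xfr', []) if is_world_open(a)]
        for attr in ('allow-notify', 'request-xfr'):
            issues += [f'{attr} peer is not TSIG-authenticated: {a}'
                       for a in z.get(attr, []) if a.split()[-1] == 'NOKEY']
        if issues:
            findings[z.get('name', ['?'])[0]] = issues
    return findings
```

Run audit() over the concatenation of nsd.conf and the included files; a zone with no findings, like example.test above, simply does not appear in the result.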