Configuring NSD

1. On your AUTH1 machine:

    # cd /usr/local/etc/nsd/

   Now edit the file nsd.conf, and make the following changes:

   - find the line:

        # verbosity: 0

     and change it to:

        verbosity: 1

   - Now let's add a slave for your TLD zone. Insert the following lines
     at the end of the file, replacing the appropriate values for your
     own zone:

- - - - - - - - - - - - - - - cut below - - - - - - - - - - - - -

zone:
    name: "MYTLD"
    zonefile: "MYTLD"

    # Master server - replace X with the group of your master NS
    # NOKEY: no TSIG key is used; notifies and transfers are matched
    # by source address only
    allow-notify: 10.10.X.1 NOKEY
    allow-notify: 127.0.0.1 NOKEY
    request-xfr: AXFR 10.10.X.1 NOKEY

- - - - - - - - - - - - - - - cut above - - - - - - - - - - - - -

     If you are using a separate AUTH1 machine for this exercise, say
     auth1.grpZ.dns.nsrc.org, then find the line:

        port: 55

     and change it to:

        port: 53

   - Save the file, exit

2. Start NSD!

    # nsd -c /usr/local/etc/nsd/nsd.conf

   and check that nsd is running with

    # tail /etc/namedb/master/nsd.log
    # ps ax | grep nsd

3. Test that your new secondary is answering:

    # dig -p 55 @127.0.0.1 MYTLD SOA

   where "-p 55" indicates the port number NSD is listening on, as
   configured in nsd.conf

   - or -

    # dig @127.0.0.1 MYTLD SOA

   if you are running NSD on a separate machine on port 53.

4. Controlling NSD

   To cause the NSD daemon to reload the zone:

    # kill -HUP `cat /etc/namedb/master/nsd.pid`

   To stop the NSD program:

    # kill `cat /etc/namedb/master/nsd.pid`

   To check if it is running:

    # ps ax | grep nsd

5. If you performed this exercise on a separate machine and all is OK,
   add "auth1.grpZ.dns.nsrc.org" (or whatever machine you used) to your
   list of NSes in your zone on the AUTH1 host - remember to increment
   the serial!

   ... when you modified the zone on AUTH1, it should have sent a notify
   to auth1.grpZ.dns.nsrc.org regarding the zone change, and
   auth1.grpZ.dns.nsrc.org should have picked up the new version.

   To verify that auth1.grpZ.dns.nsrc.org has picked up a new copy of
   the zone:

    # dig @auth1.grpZ.dns.nsrc.org SOA MYTLD
    # dig @auth1.grpZ.dns.nsrc.org NS MYTLD

   Make sure you see all NSes, including auth1.grpZ!

   Q: What else do you need to do to make your new NS public?
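
The verification in steps 3 and 5, as an added example that is not part of the original exercise: a shell script that reads the SOA serial from "dig +short" output on the master and the secondary, reports whether the secondary is in sync, behind or ahead, and checks that the secondary appears in the NS set it serves. The function names are hypothetical, the zone and host names are the page's placeholders, and the serial wrap-around handling (RFC 1982) goes beyond what the exercise asks for.

```shell
#!/bin/sh
# Added example, not part of the original exercise. Function names are
# hypothetical; zone and host names are placeholders you pass as arguments.

# Print the serial (3rd field) of one `dig +short SOA` line read from stdin.
# Fails if no well-formed SOA line is seen (timeout text, empty answer).
soa_serial() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1; exit }
         END { exit !ok }'
}

# Compare serials with RFC 1982 arithmetic so a 32-bit wrap is handled.
# $1 = master serial, $2 = secondary serial
serial_state() {
    d=$(( (($1 - $2) % 4294967296 + 4294967296) % 4294967296 ))
    if [ "$d" -eq 0 ]; then echo in-sync
    elif [ "$d" -lt 2147483648 ]; then echo behind
    else echo ahead
    fi
}

# Succeed if host name $1 is in `dig +short NS` output read from stdin
# (case-insensitive, trailing dot ignored).
ns_listed() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')
    tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -qxF -- "$want"
}

# Live check (needs network): check_secondary ZONE MASTER SECONDARY [PORT]
# SECONDARY is a host name; PORT is the secondary's port (55 in the lab).
check_secondary() {
    zone=$1 master=$2 secondary=$3 port=${4:-53}
    m=$(dig +short @"$master" "$zone" SOA | soa_serial) ||
        { echo "no SOA from $master"; return 2; }
    s=$(dig +short -p "$port" @"$secondary" "$zone" SOA | soa_serial) ||
        { echo "no SOA from $secondary"; return 2; }
    state=$(serial_state "$m" "$s")
    echo "master=$m secondary=$s state=$state"
    dig +short -p "$port" @"$secondary" "$zone" NS | ns_listed "$secondary" ||
        echo "warning: $secondary is not in the NS set it serves"
    [ "$state" = in-sync ]
}
```

After sourcing the file, run for example: check_secondary MYTLD 10.10.X.1 auth1.grpZ.dns.nsrc.org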