Blame
Date:
Mon Jan 23 05:00:25 2023 UTC
Message:
Daily backup
001
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
agent=w3m/0.5.3+git20210102
author=jrmu
charset=UTF-8
csum=
ctime=1597224805
host=38.87.162.8
name=Openbsd.Nsd
rev=36
targets=Openbsd.Delphinusdnsd,Openbsd.Tcpip,Openbsd.IPv4,Openbsd.IPv6,Openbsd.Dns,Openbsd.Resourcerecords,Openbsd.Dnszones,Openbsd.Sockets,Openbsd.Ifconfig,Openbsd.Hostnameif0,Openbsd.Buyvm,Openbsd.Vmminstall,Openbsd.Domains,Openbsd.Host,Openbsd.Dig,Openbsd.FQDN
text=(:redirect nsd/configure:)%0a(:title Configuring nsd:)%0a%0ansd is an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a%0aAdvantages of nsd:%0a%0a# Audited by the OpenBSD team%0a# Simpler than BIND%0a%0aDisadvantages of nsd:%0a%0a# More difficult to fork compared to [[openbsd/delphinusdnsd|delphinusdnsd]]%0a%0a'''NOTICE''': This guide assumes you have a basic understanding of [[openbsd/tcpip|TCP/IP networking]], [[openbsd/IPv4|IPv4]] and [[openbsd/IPv6|IPv6]] addressing, the [[openbsd/dns|domain name system]], [[openbsd/resourcerecords|resource records]], and [[openbsd/dnszones|zone files]].%0a%0a!! Introduction%0a%0aPlease read through the [[https://man.openbsd.org/nsd|nsd]], [[https://man.openbsd.org/nsd.conf|nsd.conf]], [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]], and [[https://man.openbsd.org/nsd-control|nsd-control]] man pages.%0a%0a!! nsd.conf%0a%0aEdit these sections in /var/nsd/etc/nsd.conf:%0a%0a[@%0aserver:%0a hide-version: yes%0a verbosity: 2%0a database: "" # disable database%0a username: _nsd%0a logfile: "/var/log/nsd.log"%0a@]%0a%0aYou'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. 
We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/sockets|socket]], and we want to log to /var/log/nsd.log.%0a%0a[@%0a## bind to a specific address/port%0a ip-address: 198.51.100.1%0a# ip-address: 192.0.2.53@5678%0a ip-address: 2001:db8::%0a@]%0a%0aWe bind to our public IPv4 address 198.51.100.1 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a%0a'''Note''': If you forget your real public IP addresses, you can check [[openbsd/ifconfig|ifconfig]], your [[openbsd/hostnameif0|hostname.if0]], or check your [[openbsd/buyvm|BuyVM]] or [[openbsd/vmminstall|VMM install]] guides.%0a%0a[@%0aremote-control:%0a control-enable: yes%0a control-interface: /var/run/nsd.sock%0a@]%0a%0aThis will allow using [[https://man.openbsd.org/nsd-control|nsd-control]] to control the server.%0a%0a!! Master-Only Server%0a%0aThe [[openbsd/dns|DNS system]] requires you to specify master and slave servers. Internet standards require every zone to have at least two name servers, so you'll normally need to configure both a master and a slave.%0a%0aTo start off, we'll configure just a master name server. This will let us quickly test to see if our name server is working:%0a%0a[@%0a## master zone example%0azone:%0a name: "example.ircnow.org"%0a zonefile: "master/example.ircnow.org"%0a# notify: 192.0.2.1 NOKEY%0a# provide-xfr: 192.0.2.1 NOKEY%0a@]%0a%0aWe'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered, such as @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a%0a!! Write the Zone File%0a%0aWrite your [[openbsd/dnszones|DNS zone]] into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a%0a[@%0a$ORIGIN example.ircnow.org.%0aexample.ircnow.org. 
3600 SOA ns1.example.ircnow.org. admin.example.ircnow.org. (%0a 2021020301 ; serial YYYYMMDDnn%0a 1800 ; refresh%0a 3600 ; retry%0a 86400 ; expire%0a 3600 ) ; minimum TTL%0a 3600 IN MX 10 mail%0a 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0a 3600 IN NS ns1%0a 3600 IN NS ns2%0ans1 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0ans2 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0awww 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0airc 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0aimap 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0asmtp 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0amail 3600 IN A 198.51.100.1%0a 3600 IN AAAA 2001:db8::%0a@]%0a%0aFor an explanation of how to interpret this zone file, please see the section on [[openbsd/dnszones|DNS zones]].%0a%0a!! Start NSD and Test%0a%0aAt this point, we can start nsd:%0a%0a[@%0a$ doas rcctl enable nsd%0a$ doas rcctl start nsd%0a@]%0a%0aIf all was configured correctly, we should now be able to query our nameserver with [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a%0a[@%0a$ host www.example.ircnow.org example.ircnow.org%0aUsing domain server:%0aName: example.ircnow.org%0aAddress: 198.51.100.1#53%0aAliases: %0a%0awww.example.ircnow.org has address 198.51.100.1%0awww.example.ircnow.org has IPv6 address 2001:db8::%0a@]%0a%0aThis will query the name server example.ircnow.org for the resource records in www.example.ircnow.org.%0a%0a!! Delegate Zone%0a%0aOnce you've confirmed nsd works, you want to delegate authority for the zone to your nameserver. If you're using an ircnow.org subdomain, you'll need to ask the sysadmin in charge to finish this step. If you registered a domain elsewhere, make sure that the nameserver for the domain points to your nameserver (@@ns1.example.com@@ and @@ns2.example.com@@) and that the glue records are defined.%0a%0a!! 
Troubleshooting%0a%0aIf at any step you are not getting proper results, you should first check the conf and zones using these helpful tools:%0a%0a[@%0a$ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a/var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0aread /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a@]%0a%0aThe error is found on line 34 of /var/nsd/etc/nsd.conf:%0a%0a[@%0a#zone:%0a name: "example.ircnow.org"%0a zonefile: "master/example.ircnow.org"%0a@]%0a%0aHere we forgot to uncomment @@zone:@@. Once that is done, try again. If there are no errors, [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]] will not return any output -- no news is good news!%0a%0aYou'll also want to check if the zone is valid:%0a%0a[@%0a$ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0a[2021-02-02 03:49:14.921] nsd-checkzone[32265]: error: /var/nsd/zones/master/example.ircnow.org:8: out of zone data: out.of.zone.com. is outside the zone for fqdn example.ircnow.org.%0a@]%0a%0aThe error is on line 8 of /var/nsd/zones/master/example.ircnow.org:%0a%0a[@%0aout.of.zone.example.com. 3600 IN A 10.0.0.1%0a@]%0a%0aHere we specify a [[openbsd/FQDN|FQDN]] out.of.zone.example.com. which is outside of the zone for this file (example.ircnow.org). This is invalid so nsd refuses to look any further and quits. In this case, we need to delete this line (or perhaps move it to the proper zone file). 
Once that is done, run the test again:%0a%0a[@%0a$ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0azone example.ircnow.org is ok%0a@]%0a%0aYou can also run nsd in the foreground or view the logs:%0a%0a[@%0a$ doas nsd -d -V 3 %0a/var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0aread /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a[2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a@]%0a%0aThis is the same error message as before when we ran nsd-checkconf above.%0a%0aSuppose we had deleted /var/nsd/zones/master/example.ircnow.org. When we check /var/log/nsd.log, we see:%0a%0a[@%0a[2021-02-02 07:31:43.898] nsd[37575]: info: zonefile master/example.ircnow.org does not exist%0a@]%0a%0a'''Tip''': Whenever you encounter an error with nsd, always check /var/log/nsd.log.%0a%0a!! See Also%0a%0a[[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]%0a
time=1652142827
title=Configuring nsd
author:1652142827=jrmu
diff:1652142827:1612272859:=1d0%0a%3c (:redirect nsd/configure:)%0a196c195%0a%3c [[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]%0a---%0a> [[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]%0a\ No newline at end of file%0a
host:1652142827=38.87.162.8
author:1612272859=jrmu
diff:1612272859:1612272783:=193,195c193%0a%3c !! See Also%0a%3c %0a%3c [[https://www.denic.de/en/service/tools/nast/|Nameserver Check]]%0a\ No newline at end of file%0a---%0a> https://www.denic.de/en/service/tools/nast/%0a\ No newline at end of file%0a
host:1612272859=198.251.81.119
author:1612272783=jrmu
diff:1612272783:1612272062:=174,175c174,175%0a%3c You can also run nsd in the foreground or view the logs:%0a%3c %0a---%0a> either run nsd in the foreground or view the logs:%0a> %0a183,186c183,190%0a%3c This is the same error message as before when we ran nsd-checkconf above.%0a%3c %0a%3c Suppose we had deleted /var/nsd/zones/master/example.ircnow.org. When we check /var/log/nsd.log, we see:%0a%3c %0a---%0a> Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a> %0a> Often, hints for debugging can be found in /var/log/nsd.log.%0a> %0a> %0a> %0a> Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a> %0a188c192,193%0a%3c [2021-02-02 07:31:43.898] nsd[37575]: info: zonefile master/example.ircnow.org does not exist%0a---%0a> $ doas rcctl enable nsd%0a> $ doas rcctl start nsd%0a191c196,204%0a%3c '''Tip''': Whenever you encounter an error with nsd, always check /var/log/nsd.log.%0a---%0a> If there are issues you can start nsd in debug mode%0a> %0a> [@%0a> doas nsd -d -V 3%0a> @]%0a> %0a> !! Troubleshooting%0a> %0a> Troubleshooting DNS%0a
host:1612272783=198.251.81.119
author:1612272062=jrmu
diff:1612272062:1612271169:=129,132d128%0a%3c %0a%3c !! Delegate Zone%0a%3c %0a%3c Once you've confirmed nsd works, you want to delegate authority for the zone to your nameserver. If you're using an ircnow.org subdomain, you'll need to ask the sysadmin in charge to finish this step. If you registered a domain elsewhere, make sure that the nameserver for the domain points to your nameserver (@@ns1.example.com@@ and @@ns2.example.com@@) and that the glue records are defined.%0a
host:1612272062=198.251.81.119
author:1612271169=jrmu
diff:1612271169:1612270698:=84,85c84,85%0a%3c 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a---%0a> 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a88,101c88,101%0a%3c ns1 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c ns2 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c www 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c irc 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c imap 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c smtp 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a%3c mail 3600 IN A 198.51.100.1%0a%3c 3600 IN AAAA 2001:db8::%0a---%0a> ns1 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> ns2 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> www 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> irc 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> imap 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> smtp 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a> mail 3600 IN A 198.251.80.229%0a> 3600 IN AAAA 2605:6400:20:1290::%0a
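Review bot: in hunk 88,101c88,101 the `<` side gives ns1 and ns2 the same A and AAAA records (198.51.100.1 and 2001:db8::), so the sample zone names two name servers that are one host, while the page's own Master-Only Server section says every zone needs at least two name servers. Point ns2 at a second address from the documentation ranges, or add a zone-file comment saying that ns2 must carry the secondary server's address once it exists.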
host:1612271169=198.251.81.119
author:1612270698=jrmu
diff:1612270698:1612270533:=69c69%0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered, such as @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a---%0a> We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered for like @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a
host:1612270698=198.251.81.119
author:1612270533=jrmu
diff:1612270533:1612268696:=54c54%0a%3c !! Master-Only Server%0a---%0a> !! Master/Slave Servers%0a
host:1612270533=198.251.81.119
author:1612268696=jrmu
diff:1612268696:1612267739:=33c33%0a%3c You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/sockets|socket]], and we want to log to /var/log/nsd.log.%0a---%0a> You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/tcpip|socket]], and we want to log to /var/log/nsd.log.%0a
host:1612268696=198.251.81.119
author:1612267739=jrmu
diff:1612267739:1612260084:=
host:1612267739=198.251.81.119
author:1612260084=jrmu
diff:1612260084:1612258614:=37c37%0a%3c ip-address: 198.51.100.1%0a---%0a> ip-address: 198.51.100.0%0a42,43c42,43%0a%3c We bind to our public IPv4 address 198.51.100.1 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a%3c %0a---%0a> We bind to our public IPv4 address 198.51.100.0 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a> %0a119,125d118%0a%3c Using domain server:%0a%3c Name: example.ircnow.org%0a%3c Address: 198.51.100.1#53%0a%3c Aliases: %0a%3c %0a%3c www.example.ircnow.org has address 198.51.100.1%0a%3c www.example.ircnow.org has IPv6 address 2001:db8::%0a128,129c121,122%0a%3c This will query the name server example.ircnow.org for the resource records in www.example.ircnow.org.%0a%3c %0a---%0a> This will query the name server example.ircnow.org for the records for www.example.ircnow.org.%0a> %0a132,133c125,126%0a%3c If at any step you are not getting proper results, you should first check the conf and zones using these helpful tools:%0a%3c %0a---%0a> If at any step you are not getting proper results, you should either run nsd in the foreground or view the logs:%0a> %0a135c128%0a%3c $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a---%0a> $ doas nsd -d -V 3 %0a137a131%0a> [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a143c137%0a%3c #zone:%0a---%0a> zone:%0a148,151c142,147%0a%3c Here we forgot to uncomment @@zone:@@. Once that is done, try again. If there are no errors, [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]] will not return any output -- no news is good news!%0a%3c %0a%3c You'll also want to check if the zone is valid:%0a%3c %0a---%0a> Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a> %0a> Often, hints for debugging can be found in /var/log/nsd.log.%0a> %0a> !! 
Master/Slave Servers%0a> %0a153,154c149,154%0a%3c $ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0a%3c [2021-02-02 03:49:14.921] nsd-checkzone[32265]: error: /var/nsd/zones/master/example.ircnow.org:8: out of zone data: out.of.zone.com. is outside the zone for fqdn example.ircnow.org.%0a---%0a> ## slave zone example%0a> #zone:%0a> # name: "example.net"%0a> # zonefile: "slave/example.net"%0a> # allow-notify: 192.0.2.2 tsig1.example.com.%0a> # request-xfr: 192.0.2.2 tsig1.example.com.%0a157,158d156%0a%3c The error is on line 8 of /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a160c158,162%0a%3c out.of.zone.example.com. 3600 IN A 10.0.0.1%0a---%0a> ## tsig key example%0a> key:%0a> name: "example.ircnow.org"%0a> algorithm: hmac-sha256%0a> secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a163,164c165,171%0a%3c Here we specify a [[openbsd/FQDN|FQDN]] out.of.zone.example.com. which is outside of the zone for this file (example.ircnow.org). This is invalid so nsd refuses to look any further and quits. In this case, we need to delete this line (or perhaps move it to the proper zone file). Once that is done, run the test again:%0a%3c %0a---%0a> It's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a> %0a> %0a> !! Primary and secondary server%0a> %0a> If you need a secondary server to host the zone, you can do this as follows. 
Add to the block that describes your master zone, records about the secondary zone as in the example:%0a> %0a166,167c173,177%0a%3c $ doas nsd-checkzone example.ircnow.org /var/nsd/zones/master/example.ircnow.org%0a%3c zone example.ircnow.org is ok%0a---%0a> zone:%0a> name: "example.net"%0a> zonefile: "master/example.net"%0a> notify: 20.20.20.20 NOKEY%0a> provide-xfr: 20.20.20.20 NOKEY%0a170,171c180,181%0a%3c either run nsd in the foreground or view the logs:%0a%3c %0a---%0a> Create a new block in the secondary server config file, as in the example:%0a> %0a173,176c183,187%0a%3c $ doas nsd -d -V 3 %0a%3c /var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0a%3c read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a%3c [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a---%0a> zone:%0a> name: "example.net"%0a> zonefile: "slave/example.net"%0a> allow-notify: 10.10.10.10 NOKEY%0a> request-xfr: 10.10.10.10 NOKEY%0a179,189c190,223%0a%3c Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a%3c %0a%3c Often, hints for debugging can be found in /var/log/nsd.log.%0a%3c %0a%3c %0a%3c %0a%3c Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a---%0a> !! The zone file for NSD%0a> %0a> The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a> %0a> [@%0a> ; Domain file from My project%0a> %0a> example.net. 3600 SOA ns.example.net. admin.example.net. (%0a> 2020070701 ; serial YYYYMMDDnn%0a> 10800 ; refresh%0a> 3600 ; retry%0a> 604800 ; expire%0a> 86400 ) ; minimum TTL%0a> %0a> example.net. NS ns.example.net.%0a> example.net. NS ns.secondary.net.%0a> ns A 10.10.10.10%0a> example.net. A 10.10.10.10%0a> www A 10.10.10.10%0a> irc A 10.10.10.10%0a> imap A 10.10.10.10%0a> smtp A 10.10.10.10%0a> example.net. 
mx 10 smtp.example.net.%0a> @]%0a> %0a> Save this zone file as /var/nsd/zones/master/example.net%0a> %0a> !! Configuration check and start%0a> %0a> NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a> %0a> [@%0a> $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a> @]%0a
host:1612260084=198.251.81.119
author:1612258614=jrmu
diff:1612258614:1612258218:=122,144d121%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c If at any step you are not getting proper results, you should either run nsd in the foreground or view the logs:%0a%3c %0a%3c [@%0a%3c $ doas nsd -d -V 3 %0a%3c /var/nsd/etc/nsd.conf:34: at 'name:': error: syntax error%0a%3c read /var/nsd/etc/nsd.conf failed: 1 errors in configuration file%0a%3c [2021-02-02 03:33:50.261] nsd[93210]: error: could not read config: /var/nsd/etc/nsd.conf%0a%3c @]%0a%3c %0a%3c The error is found on line 34 of /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.ircnow.org"%0a%3c zonefile: "master/example.ircnow.org"%0a%3c @]%0a%3c %0a%3c Here we forgot to create the zonefile /var/nsd/zones/master/example.ircnow.org.%0a%3c %0a%3c Often, hints for debugging can be found in /var/log/nsd.log.%0a
host:1612258614=198.251.81.119
author:1612258218=jrmu
diff:1612258218:1612258131:=76,77c76,77%0a%3c $ORIGIN example.ircnow.org.%0a%3c example.ircnow.org. 3600 SOA ns1.example.ircnow.org. admin.example.ircnow.org. (%0a---%0a> $ORIGIN user.fruit.ircnow.org.%0a> user.fruit.ircnow.org. 3600 SOA ns1.user.fruit.ircnow.org. admin.user.fruit.ircnow.org. (%0a118c118%0a%3c $ host www.example.ircnow.org example.ircnow.org%0a---%0a> $ host www.user.fruit.ircnow.org user.fruit.ircnow.org%0a121,125c121,122%0a%3c This will query the name server example.ircnow.org for the records for www.example.ircnow.org.%0a%3c %0a%3c !! Master/Slave Servers%0a%3c %0a%3c [@%0a---%0a> This will query the name server user.fruit.ircnow.org for the records for www.user.fruit.ircnow.org.%0a> %0a
host:1612258218=198.251.81.119
author:1612258131=jrmu
diff:1612258131:1612257904:=104,105d103%0a%3c For an explanation of how to interpret this zone file, please see the section on [[openbsd/dnszones|DNS zones]].%0a%3c %0a118c116%0a%3c $ host www.user.fruit.ircnow.org user.fruit.ircnow.org%0a---%0a> $ host%0a120,121d117%0a%3c %0a%3c This will query the name server user.fruit.ircnow.org for the records for www.user.fruit.ircnow.org.%0a
host:1612258131=198.251.81.119
author:1612257904=jrmu
diff:1612257904:1612254521:=73,74c73,74%0a%3c Write your [[openbsd/dnszones|DNS zone]] into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a---%0a> Write your DNS zone into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a> %0a76,79c76,80%0a%3c $ORIGIN user.fruit.ircnow.org.%0a%3c user.fruit.ircnow.org. 3600 SOA ns1.user.fruit.ircnow.org. admin.user.fruit.ircnow.org. (%0a%3c 2021020301 ; serial YYYYMMDDnn%0a%3c 1800 ; refresh%0a---%0a> ; Domain file from My project%0a> %0a> example.net. 3600 SOA ns.example.net. admin.example.net. (%0a> 2020070701 ; serial YYYYMMDDnn%0a> 10800 ; refresh%0a81,101c82,93%0a%3c 86400 ; expire%0a%3c 3600 ) ; minimum TTL%0a%3c 3600 IN MX 10 mail%0a%3c 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c 3600 IN NS ns1%0a%3c 3600 IN NS ns2%0a%3c ns1 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c ns2 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c www 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c irc 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c imap 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c smtp 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a%3c mail 3600 IN A 198.251.80.229%0a%3c 3600 IN AAAA 2605:6400:20:1290::%0a---%0a> 604800 ; expire%0a> 86400 ) ; minimum TTL%0a> %0a> example.net. NS ns.example.net.%0a> example.net. NS ns.secondary.net.%0a> ns A 10.10.10.10%0a> example.net. A 10.10.10.10%0a> www A 10.10.10.10%0a> irc A 10.10.10.10%0a> imap A 10.10.10.10%0a> smtp A 10.10.10.10%0a> example.net. mx 10 smtp.example.net.%0a
host:1612257904=198.251.81.119
author:1612254521=jrmu
diff:1612254521:1612253975:=72,94d71%0a%3c %0a%3c Write your DNS zone into the zone that you specified above, /var/nsd/zones/master/example.ircnow.org:%0a%3c %0a%3c [@%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.%0a%3c ns A 10.10.10.10%0a%3c example.net. A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. mx 10 smtp.example.net.%0a%3c @]%0a
host:1612254521=198.251.81.119
author:1612253975=jrmu
diff:1612253975:1612253728:=69,86c69,71%0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]]. It might look like @@username.fruit.ircnow.org@@ or it could be a domain you registered for like @@example.com@@. The zonefile might look like "master/username.fruit.ircnow.org" or "master/example.com" if you registered your own domain.%0a%3c %0a%3c !! Write the Zone File%0a%3c %0a%3c !! Start NSD and Test%0a%3c %0a%3c At this point, we can start nsd:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a%3c @]%0a%3c %0a%3c If all was configured correctly, we should now be able to query our nameserver with [[openbsd/host|host]] or [[openbsd/dig|dig]]:%0a%3c %0a%3c [@%0a%3c $ host%0a%3c @]%0a---%0a> We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]].%0a> %0a> %0a
host:1612253975=198.251.81.119
author:1612253728=jrmu
diff:1612253728:1612248403:=54,59d53%0a%3c !! Master/Slave Servers%0a%3c %0a%3c The [[openbsd/dns|DNS system]] requires you to specify master and slave servers. Internet standards require every zone to have at least two name servers, so you'll normally need to configure both a master and a slave.%0a%3c %0a%3c To start off, we'll configure just a master name server. This will let us quickly test to see if our name server is working:%0a%3c %0a62,64c56,58%0a%3c zone:%0a%3c name: "example.ircnow.org"%0a%3c zonefile: "master/example.ircnow.org"%0a---%0a> #zone:%0a> # name: "example.com"%0a> # zonefile: "master/example.com"%0a67,71d60%0a%3c @]%0a%3c %0a%3c We'll uncomment the zone. The name is the name of our [[openbsd/domains|domain or subdomain]].%0a%3c %0a%3c %0a
host:1612253728=198.251.81.119
author:1612248403=jrmu
diff:1612248403:1612248323:=54d53%0a%3c [@%0a68c67%0a%3c @]%0a---%0a> %0a
host:1612248403=198.251.81.119
author:1612248323=jrmu
diff:1612248323:1612247316:=53,78d52%0a%3c %0a%3c ## master zone example%0a%3c #zone:%0a%3c # name: "example.com"%0a%3c # zonefile: "master/example.com"%0a%3c # notify: 192.0.2.1 NOKEY%0a%3c # provide-xfr: 192.0.2.1 NOKEY%0a%3c %0a%3c ## slave zone example%0a%3c #zone:%0a%3c # name: "example.net"%0a%3c # zonefile: "slave/example.net"%0a%3c # allow-notify: 192.0.2.2 tsig1.example.com.%0a%3c # request-xfr: 192.0.2.2 tsig1.example.com.%0a%3c %0a%3c %0a%3c [@%0a%3c ## tsig key example%0a%3c key:%0a%3c name: "example.ircnow.org"%0a%3c algorithm: hmac-sha256%0a%3c secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a%3c @]%0a%3c %0a%3c It's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a%3c %0a
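Review bot: the `key:` block on the `<` side is named "example.ircnow.org" with no final period, although the paragraph added in the same hunk tells readers to end the key name with one; the commented slave zone also refers to a key `tsig1.example.com.` that is never defined, while the master zone's notify and provide-xfr lines use NOKEY. Use one key name throughout the three blocks and show provide-xfr with that key, so the master and slave examples authenticate the transfer the same way. The sentence about the secret should also say that the random string has to come from the system's random number source and that the value shown is a sample to be replaced, not copied.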
host:1612248323=198.251.81.119
author:1612247316=jrmu
diff:1612247316:1612246923:=22,23c22,23%0a%3c Edit these sections in /var/nsd/etc/nsd.conf:%0a%3c %0a---%0a> Edit /var/nsd/etc/nsd.conf:%0a> %0a35d34%0a%3c [@%0a37c36%0a%3c ip-address: 198.51.100.0%0a---%0a> ip-address: 38.81.163.143%0a39c38,49%0a%3c ip-address: 2001:db8::%0a---%0a> ip-address: 2001:550:3402:1:143::%0a> %0a> ## make packets as small as possible, on by default%0a> # minimal-responses: yes%0a> %0a> ## respond with truncation for ANY queries over UDP and allow ANY over TCP,%0a> ## on by default%0a> # refuse-any: yes%0a> %0a> remote-control:%0a> control-enable: yes%0a> control-interface: /var/run/nsd.sock%0a41,52d50%0a%3c %0a%3c We bind to our public IPv4 address 198.51.100.0 and our public IPv6 address 2001:db8:: (substitute these with your real public IP addresses).%0a%3c %0a%3c '''Note''': If you forget your real public IP addresses, you can check [[openbsd/ifconfig|ifconfig]], your [[openbsd/hostnameif0|hostname.if0]], or check your [[openbsd/buyvm|BuyVM]] or [[openbsd/vmminstall|VMM install]] guides.%0a%3c %0a%3c [@%0a%3c remote-control:%0a%3c control-enable: yes%0a%3c control-interface: /var/run/nsd.sock%0a%3c @]%0a%3c %0a%3c This will allow using [[https://man.openbsd.org/nsd-control|nsd-control]] to control the server.%0a
host:1612247316=198.251.81.119
author:1612246923=jrmu
diff:1612246923:1612244582:=26,30c26,43%0a%3c hide-version: yes%0a%3c verbosity: 2%0a%3c database: "" # disable database%0a%3c username: _nsd%0a%3c logfile: "/var/log/nsd.log"%0a---%0a> ip-address: 0.0.0.0%0a> ip4-only: yes%0a> identity: "DNS"%0a> hide-version: yes%0a> verbosity: 1%0a> database: ""%0a> username: _nsd%0a> logfile: "/var/log/nsd.log"%0a> pidfile: "/var/nsd/run/nsd.pid"%0a> %0a> remote-control:%0a> control-enable: yes%0a> control-interface: /var/nsd/run/nsd.sock%0a> %0a> zone:%0a> name: "example.com"%0a> zonefile: "master/example.com"%0a> %0a33,51d45%0a%3c You'll want to hide the version, change verbosity to 2 to get errors and warnings about failed transfers. We don't want a database so we leave it blank, we drop to the user _nsd after binding the [[openbsd/tcpip|socket]], and we want to log to /var/log/nsd.log.%0a%3c %0a%3c ## bind to a specific address/port%0a%3c ip-address: 38.81.163.143%0a%3c # ip-address: 192.0.2.53@5678%0a%3c ip-address: 2001:550:3402:1:143::%0a%3c %0a%3c ## make packets as small as possible, on by default%0a%3c # minimal-responses: yes%0a%3c %0a%3c ## respond with truncation for ANY queries over UDP and allow ANY over TCP,%0a%3c ## on by default%0a%3c # refuse-any: yes%0a%3c %0a%3c remote-control:%0a%3c control-enable: yes%0a%3c control-interface: /var/run/nsd.sock%0a%3c @]%0a%3c %0a121,124d114%0a%3c %0a%3c !! Troubleshooting%0a%3c %0a%3c Troubleshooting DNS%0a
host:1612246923=198.251.81.119
author:1612244582=jrmu
diff:1612244582:1612240453:=22c22,24%0a%3c Edit /var/nsd/etc/nsd.conf:%0a---%0a> First up, you'll want to open up /var/nsd/etc/nsd.conf (main configuration file)%0a> %0a> Open up /var/nsd/etc/nsd.conf:%0a
host:1612244582=198.251.81.119
author:1612240453=jrmu
diff:1612240453:1612240293:=18,22c18%0a%3c Please read through the [[https://man.openbsd.org/nsd|nsd]], [[https://man.openbsd.org/nsd.conf|nsd.conf]], [[https://man.openbsd.org/nsd-checkconf|nsd-checkconf]], and [[https://man.openbsd.org/nsd-control|nsd-control]] man pages.%0a%3c %0a%3c !! nsd.conf%0a%3c %0a%3c First up, you'll want to open up /var/nsd/etc/nsd.conf (main configuration file)%0a---%0a> !! /var/nsd/etc/nsd.conf (main configuration file)%0a
host:1612240453=198.251.81.119
author:1612240293=jrmu
diff:1612240293:1612231276:=14c14%0a%3c '''NOTICE''': This guide assumes you have a basic understanding of [[openbsd/tcpip|TCP/IP networking]], [[openbsd/IPv4|IPv4]] and [[openbsd/IPv6|IPv6]] addressing, the [[openbsd/dns|domain name system]], [[openbsd/resourcerecords|resource records]], and [[openbsd/dnszones|zone files]].%0a---%0a> '''NOTICE''': This guide assumes you have a basic understanding of [[openbsd/tcpip|TC/IP networking]], [[openbsd/IPv4|IPv4]] and [[openbsd/IPv6|IPv6]] addressing, the domain name system, resource records, and zone files.%0a
085
2023-01-22
jrmu
host:1612240293=198.251.81.119
086
2023-01-22
jrmu
author:1612231276=jrmu
087
2023-01-22
jrmu
diff:1612231276:1612231165:=13,16d12%0a%3c %0a%3c '''NOTICE''': This guide assumes you have a basic understanding of [[openbsd/tcpip|TC/IP networking]], [[openbsd/IPv4|IPv4]] and [[openbsd/IPv6|IPv6]] addressing, the domain name system, resource records, and zone files.%0a%3c %0a%3c !! Introduction%0a
088
2023-01-22
jrmu
host:1612231276=198.251.81.119
089
2023-01-22
jrmu
author:1612231165=jrmu
090
2023-01-22
jrmu
diff:1612231165:1612230627:=12c12%0a%3c # More difficult to fork compared to [[openbsd/delphinusdnsd|delphinusdnsd]]%0a---%0a> # Not as easy to fork as [[openbsd/delphinusdnsd|delphinusdnsd]]%0a
091
2023-01-22
jrmu
host:1612231165=198.251.81.119
092
2023-01-22
jrmu
author:1612230627=jrmu
093
2023-01-22
jrmu
diff:1612230627:1609673674:=3,12c3%0a%3c nsd is an authoritative name server. nsd comes as part of openbsd base so no installation will be necessary.%0a%3c %0a%3c Advantages of nsd:%0a%3c %0a%3c # Audited by the OpenBSD team%0a%3c # Simpler than BIND%0a%3c %0a%3c Disadvantages of nsd:%0a%3c %0a%3c # Not as easy to fork as [[openbsd/delphinusdnsd|delphinusdnsd]]%0a---%0a> nsd is an authoritative name server. Because nsd comes in OpenBSD base, it is our preferred nameserver.%0a
094
2023-01-22
jrmu
host:1612230627=198.251.81.119
095
2023-01-22
jrmu
author:1609673674=jrmu
096
2023-01-22
jrmu
diff:1609673674:1609242206:=38c38%0a%3c zonefile: "master/example.net"%0a---%0a> zonefile: "master/example.net.zone"%0a48c48%0a%3c zonefile: "slave/example.net"%0a---%0a> zonefile: "slave/example.net.zone"%0a78c78%0a%3c Save this zone file as /var/nsd/zones/master/example.net%0a---%0a> Save this zone file as /var/nsd/zones/master/example.net.zone%0a
097
2023-01-22
jrmu
host:1609673674=125.231.63.134
098
2023-01-22
jrmu
author:1609242206=jrmu
099
2023-01-22
jrmu
diff:1609242206:1597966747:=68c68%0a%3c example.net. NS ns.secondary.net.%0a---%0a> example.net. NS ns.secondary.net.ua.%0a
100
2023-01-22
jrmu
host:1609242206=198.251.81.119
101
2023-01-22
jrmu
author:1597966747=gry
102
2023-01-22
jrmu
csum:1597966747=+
103
2023-01-22
jrmu
diff:1597966747:1597800518:=93,98d92%0a%3c @]%0a%3c %0a%3c If there are issues you can start nsd in debug mode%0a%3c %0a%3c [@%0a%3c doas nsd -d -V 3%0a
104
2023-01-22
jrmu
host:1597966747=203.129.25.247
105
2023-01-22
jrmu
author:1597800518=gry
106
2023-01-22
jrmu
csum:1597800518=clarified
107
2023-01-22
jrmu
diff:1597800518:1597796218:=5c5%0a%3c !! /var/nsd/etc/nsd.conf (main configuration file)%0a---%0a> !! /var/nsd/etc/nsd.conf%0a
108
2023-01-22
jrmu
host:1597800518=203.129.25.247
109
2023-01-22
jrmu
author:1597796218=gry
110
2023-01-22
jrmu
csum:1597796218=+
111
2023-01-22
jrmu
diff:1597796218:1597796198:=32d31%0a%3c %0a53,54c52%0a%3c !! The zone file for NSD%0a%3c %0a---%0a> ====== The zone file for NSD ======%0a
112
2023-01-22
jrmu
host:1597796218=203.129.25.247
113
2023-01-22
jrmu
author:1597796198=gry
114
2023-01-22
jrmu
csum:1597796198=fmt
115
2023-01-22
jrmu
diff:1597796198:1597245206:=34c34%0a%3c [@%0a---%0a> %3ccode>%0a40,41c40,41%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a43,44c43%0a%3c %0a%3c [@%0a---%0a> %3ccode>%0a50,51c49,50%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a55c54%0a%3c [@%0a---%0a> %3ccode>%0a74,75c73,74%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a78,79c77%0a%3c !! Configuration check and start%0a%3c %0a---%0a> ====== Configuration check and start ======%0a81,82c79%0a%3c %0a%3c [@%0a---%0a> %3ccode>%0a84,85c81,82%0a%3c @]%0a%3c %0a---%0a> %3c/code>%0a> %0a87,88c84%0a%3c %0a%3c [@%0a---%0a> %3ccode>%0a91c87%0a%3c @]%0a---%0a> %3c/code>%0a
116
2023-01-22
jrmu
host:1597796198=203.129.25.247
117
2023-01-22
jrmu
author:1597245206=jrmu
118
2023-01-22
jrmu
diff:1597245206:1597245000:=1,9c1,7%0a%3c (:title Configuring nsd:)%0a%3c %0a%3c nsd is an authoritative name server. Because nsd comes in OpenBSD base, it is our preferred nameserver.%0a%3c %0a%3c !! /var/nsd/etc/nsd.conf%0a%3c %0a%3c Open up /var/nsd/etc/nsd.conf:%0a%3c %0a%3c [@%0a---%0a> NSD is an open-source Domain Name System (DNS) server. It was developed by NLnet Labs of Amsterdam in cooperation with the RIPE NCC, from scratch as an authoritative name server. NSD is a NS that comes as a part of OpenBSD base.%0a> %0a> ====== Configuration of NSD ======%0a> The main configuration file for NSD is a file called nsd.conf located in the /var/nsd/etc/ directory.%0a> Now, open/create the new file in your text editor with root privileges. Here's a sample:%0a> %0a> %3ccode>%0a20c18,21%0a%3c %0a---%0a> difffile: "/var/nsd/db/ixfr.db"%0a> xfrdfile: "/var/nsd/db/xfrd.state"%0a> database: "/var/nsd/db/nsd.db"%0a> %0a26,31c27,33%0a%3c name: "example.com"%0a%3c zonefile: "master/example.com"%0a%3c %0a%3c @]%0a%3c %0a%3c !! Primary and secondary server%0a---%0a> name: "example.net"%0a> zonefile: "master/example.net.zone"%0a> #notify: 193.201.116.2 NOKEY%0a> #provide-xfr: 193.201.116.2 NOKEY%0a> %3c/code>%0a> %0a> ====== Primary and secondary server ======%0a
119
2023-01-22
jrmu
host:1597245206=38.81.163.143
120
2023-01-22
jrmu
author:1597245000=jrmu
121
2023-01-22
jrmu
diff:1597245000:1597224805:=89,91c89%0a%3c %3c/code>%0a%3c %0a%3c https://www.denic.de/en/service/tools/nast/%0a\ No newline at end of file%0a---%0a> %3c/code>%0a\ No newline at end of file%0a
122
2023-01-22
jrmu
host:1597245000=38.81.163.143
123
2023-01-22
jrmu
author:1597224805=jrmu
124
2023-01-22
jrmu
diff:1597224805:1597224805:=1,89d0%0a%3c NSD is an open-source Domain Name System (DNS) server. It was developed by NLnet Labs of Amsterdam in cooperation with the RIPE NCC, from scratch as an authoritative name server. NSD is a NS that comes as a part of OpenBSD base.%0a%3c %0a%3c ====== Configuration of NSD ======%0a%3c The main configuration file for NSD is a file called nsd.conf located in the /var/nsd/etc/ directory.%0a%3c Now, open/create the new file in your text editor with root privileges. Here's a sample:%0a%3c %0a%3c %3ccode>%0a%3c server:%0a%3c ip-address: 0.0.0.0%0a%3c ip4-only: yes%0a%3c identity: "DNS"%0a%3c hide-version: yes%0a%3c verbosity: 1%0a%3c database: ""%0a%3c username: _nsd%0a%3c logfile: "/var/log/nsd.log"%0a%3c pidfile: "/var/nsd/run/nsd.pid"%0a%3c difffile: "/var/nsd/db/ixfr.db"%0a%3c xfrdfile: "/var/nsd/db/xfrd.state"%0a%3c database: "/var/nsd/db/nsd.db"%0a%3c %0a%3c remote-control:%0a%3c control-enable: yes%0a%3c control-interface: /var/nsd/run/nsd.sock%0a%3c %0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "master/example.net.zone"%0a%3c #notify: 193.201.116.2 NOKEY%0a%3c #provide-xfr: 193.201.116.2 NOKEY%0a%3c %3c/code>%0a%3c %0a%3c ====== Primary and secondary server ======%0a%3c If you need a secondary server to host the zone, you can do this as follows. Add to the block that describes your master zone, records about the secondary zone as in the example:%0a%3c %0a%3c %3ccode>%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "master/example.net.zone"%0a%3c notify: 20.20.20.20 NOKEY%0a%3c provide-xfr: 20.20.20.20 NOKEY%0a%3c %3c/code>%0a%3c %0a%3c Create a new block in the secondary server config file, as in the example:%0a%3c %3ccode>%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "slave/example.net.zone"%0a%3c allow-notify: 10.10.10.10 NOKEY%0a%3c request-xfr: 10.10.10.10 NOKEY%0a%3c %3c/code>%0a%3c %0a%3c ====== The zone file for NSD ======%0a%3c The next step is to write the zone files for NSD. 
First the forward lookup zone example.net:%0a%3c %0a%3c %3ccode>%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.ua.%0a%3c ns A 10.10.10.10%0a%3c example.net. A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. mx 10 smtp.example.net.%0a%3c %3c/code>%0a%3c %0a%3c Save this zone file as /var/nsd/zones/master/example.net.zone%0a%3c %0a%3c ====== Configuration check and start ======%0a%3c NSD bring along a tool to check the configuration file before you start or reload the daemon:%0a%3c %3ccode>%0a%3c $ doas nsd-checkconf /var/nsd/etc/nsd.conf%0a%3c %3c/code>%0a%3c %0a%3c Any errors are reported, so no news are good news. You can go ahead and start NSD:%0a%3c %3ccode>%0a%3c $ doas rcctl enable nsd%0a%3c $ doas rcctl start nsd%0a%3c %3c/code>%0a\ No newline at end of file%0a
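Review bot: The first `server:` sample sets `database: ""` and, three lines later, `database: "/var/nsd/db/nsd.db"`, so it contradicts itself about whether the database is disabled; keep one of the two. The primary and secondary zone examples pair `notify:`/`provide-xfr:` and `allow-notify:`/`request-xfr:` with `NOKEY`, which leaves notifies and zone transfers gated by source address alone; consider showing a `key:` block and naming that key in place of `NOKEY`, or at least state that `NOKEY` means no TSIG authentication. In the zone file, `ns.secondary.net.ua.` sits under a real registrable domain rather than a reserved example name, `mx` is lower-case where every other record type is upper-case, and "NSD bring along a tool" should read "NSD brings along a tool".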
125
2023-01-22
jrmu
host:1597224805=38.81.163.143
IRCNow