====== Installation ======

blah

====== Fichier de configuration ======

On the //master// side:

<code>
port: 5353

key:
        name: "synchro-key"
        algorithm: hmac-sha256
        secret: "<RANDOM_KEY>"


pattern:
        name: "synchro-to-slave"
        notify: <SLAVE_IP_ADDRESS>@5353 "synchro-key"
        provide-xfr: <SLAVE_IP_ADDRESS> "synchro-key"

zone:
        name: "example.domain.com."
        zonefile:  "/etc/nsd/zones/example.domain.com.zone"
        include-pattern: "synchro-to-slave"

zone:
        name: "0.10.in-addr.arpa"
        zonefile: "/etc/nsd/zones/0.10.in-addr.arpa.zone"
        include-pattern: "synchro-to-slave"

zone:
        name: "1.10.in-addr.arpa"
        zonefile: "/etc/nsd/zones/1.10.in-addr.arpa.zone"
        include-pattern: "synchro-to-slave"

#zone:
#       name: "2.10.in-addr.arpa"
#       zonefile:  "/etc/nsd/zones/2.10.in-addr.arpa.zone"
#       include-pattern: "synchro-to-slave"

zone:
        name: "3.10.in-addr.arpa"
        zonefile: "/etc/nsd/zones/3.10.in-addr.arpa.zone"
        include-pattern: "synchro-to-slave"

zone:
        name: "4.10.in-addr.arpa"
        zonefile: "/etc/nsd/zones/4.10.in-addr.arpa.zone"
        include-pattern: "synchro-to-slave"

zone:
        name: "5.10.in-addr.arpa"
        zonefile: "/etc/nsd/zones/5.10.in-addr.arpa.zone"
        include-pattern: "synchro-to-slave"
</code>

On the //slave// side:

<code>
port: 5353

key:
        name: "synchro-key"
        algorithm: hmac-sha256
        secret: "<RANDOM_KEY>"

pattern:
        name: "synchro-from-master"
        allow-notify: <MASTER_IP_ADDRESS> "synchro-key"
        request-xfr: AXFR <MASTER_IP_ADDRESS>@5353 "synchro-key"
        outgoing-interface: <SLAVE_IP_ADDRESS>

zone:
        name: "example.domain.com."
        zonefile:  "/etc/nsd/zones/example.domain.com.zone"
        include-pattern: "synchro-from-master"

zone:
        name: "0.10.in-addr.arpa."
        zonefile: "/etc/nsd/zones/0.10.in-addr.arpa.zone"
        include-pattern: "synchro-from-master"

zone:
        name: "1.10.in-addr.arpa."
        zonefile: "/etc/nsd/zones/1.10.in-addr.arpa.zone"
        include-pattern: "synchro-from-master"

#zone:
#       name: "2.10.in-addr.arpa"
#       zonefile:  "/etc/nsd/zones/2.10.in-addr.arpa.zone"
#       include-pattern: "synchro-from-master"

zone:
        name: "3.10.in-addr.arpa."
        zonefile: "/etc/nsd/zones/3.10.in-addr.arpa.zone"
        include-pattern: "synchro-from-master"

zone:
        name: "4.10.in-addr.arpa."
        zonefile: "/etc/nsd/zones/4.10.in-addr.arpa.zone"
        include-pattern: "synchro-from-master"

zone:
        name: "5.10.in-addr.arpa."
        zonefile: "/etc/nsd/zones/5.10.in-addr.arpa.zone"
        include-pattern: "synchro-from-master"
</code>

====== Configuration ======

Edit ''nsd.conf'' to configure the service as wished.

We need to set a port different than 53, as it is used by Unbound. We also need to bind on a non-local (non localhost) IP address, simply because we need to have zone transfers between our name servers.

We also have to generate a cryptographic key to protect our zone transfers:

<code bash>
dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64
</code>

====== Mise à jour ======

blah

====== Bibliographie ======

  * Site web officiel : [[http://www.nlnetlabs.nl/projects/nsd/]] ;
  * Wikipedia : [[https://en.wikipedia.org/wiki/NSD]] / [[fr]] ;
  * [[https://calomel.org/nsd_dns.html]];
  * [[https://www.digitalocean.com/community/tutorials/how-to-use-nsd-an-authoritative-only-dns-server-on-ubuntu-14-04]];
  * etc.