Installation
blah
Configuration file
On the master side:
server:
    port: 5353
key:
    name: "synchro-key"
    algorithm: hmac-sha256
    secret: "<RANDOM_KEY>"
pattern:
    name: "synchro-to-slave"
    notify: <SLAVE_IP_ADDRESS>@5353 "synchro-key"
    provide-xfr: <SLAVE_IP_ADDRESS> "synchro-key"
zone:
    name: "example.domain.com."
    zonefile: "/etc/nsd/zones/example.domain.com.zone"
    include-pattern: "synchro-to-slave"
zone:
    name: "0.10.in-addr.arpa"
    zonefile: "/etc/nsd/zones/0.10.in-addr.arpa.zone"
    include-pattern: "synchro-to-slave"
zone:
    name: "1.10.in-addr.arpa"
    zonefile: "/etc/nsd/zones/1.10.in-addr.arpa.zone"
    include-pattern: "synchro-to-slave"
#zone:
#    name: "2.10.in-addr.arpa"
#    zonefile: "/etc/nsd/zones/2.10.in-addr.arpa.zone"
#    include-pattern: "synchro-to-slave"
zone:
    name: "3.10.in-addr.arpa"
    zonefile: "/etc/nsd/zones/3.10.in-addr.arpa.zone"
    include-pattern: "synchro-to-slave"
zone:
    name: "4.10.in-addr.arpa"
    zonefile: "/etc/nsd/zones/4.10.in-addr.arpa.zone"
    include-pattern: "synchro-to-slave"
zone:
    name: "5.10.in-addr.arpa"
    zonefile: "/etc/nsd/zones/5.10.in-addr.arpa.zone"
    include-pattern: "synchro-to-slave"
On the slave side:
server:
    port: 5353
key:
    name: "synchro-key"
    algorithm: hmac-sha256
    secret: "<RANDOM_KEY>"
pattern:
    name: "synchro-from-master"
    allow-notify: <MASTER_IP_ADDRESS> "synchro-key"
    request-xfr: AXFR <MASTER_IP_ADDRESS>@5353 "synchro-key"
    outgoing-interface: <SLAVE_IP_ADDRESS>
zone:
    name: "example.domain.com."
    zonefile: "/etc/nsd/zones/example.domain.com.zone"
    include-pattern: "synchro-from-master"
zone:
    name: "0.10.in-addr.arpa."
    zonefile: "/etc/nsd/zones/0.10.in-addr.arpa.zone"
    include-pattern: "synchro-from-master"
zone:
    name: "1.10.in-addr.arpa."
    zonefile: "/etc/nsd/zones/1.10.in-addr.arpa.zone"
    include-pattern: "synchro-from-master"
#zone:
#    name: "2.10.in-addr.arpa"
#    zonefile: "/etc/nsd/zones/2.10.in-addr.arpa.zone"
#    include-pattern: "synchro-from-master"
zone:
    name: "3.10.in-addr.arpa."
    zonefile: "/etc/nsd/zones/3.10.in-addr.arpa.zone"
    include-pattern: "synchro-from-master"
zone:
    name: "4.10.in-addr.arpa."
    zonefile: "/etc/nsd/zones/4.10.in-addr.arpa.zone"
    include-pattern: "synchro-from-master"
zone:
    name: "5.10.in-addr.arpa."
    zonefile: "/etc/nsd/zones/5.10.in-addr.arpa.zone"
    include-pattern: "synchro-from-master"
Configuration
Edit nsd.conf to configure the service as needed.
We need to set a port other than 53, because port 53 is already used by Unbound. We also need to bind to a non-local (non-localhost) IP address, because zone transfers have to run between our name servers.
We also have to generate a cryptographic key to protect our zone transfers. The same key goes into the secret field on both the master and the slave:
dd if=/dev/random of=/dev/stdout count=1 bs=32 | base64
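A consistency check for the master and slave configurations above, as an added example that is not part of the original page: it parses both nsd.conf texts and reports TSIG key and zone mismatches, including a placeholder secret left in place. The function names, the 32-byte minimum (taken from the dd command above) and the sample input are assumptions made for this example.

```python
import base64
import binascii

def parse_nsd(text):
    """Parse nsd.conf text into [(clause, {attribute: value})], one attribute per line."""
    clauses = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drops comments and disabled zones
        if not line:
            continue
        name, _, value = line.partition(":")
        if not value.strip():                    # "key:", "zone:" ... opens a clause
            clauses.append((name, {}))
        elif clauses:
            clauses[-1][1][name] = value.strip().strip('"')
    return clauses

def tsig_keys(clauses):
    return {a.get("name", ""): (a.get("algorithm"), a.get("secret"))
            for c, a in clauses if c == "key"}

def zone_names(clauses):
    # The page writes zone names with and without the trailing dot: compare without it.
    return {a["name"].rstrip(".").lower() for c, a in clauses if c == "zone" and "name" in a}

def check_pair(master_text, slave_text, min_secret_bytes=32):
    """Return a list of mismatches between the master and slave configurations."""
    master, slave = parse_nsd(master_text), parse_nsd(slave_text)
    mkeys, skeys = tsig_keys(master), tsig_keys(slave)
    problems = [f"key {n}: name, algorithm or secret differs between the two sides"
                for n in sorted(set(mkeys) | set(skeys)) if mkeys.get(n) != skeys.get(n)]
    for name, (_, secret) in sorted(mkeys.items()):
        try:
            size = len(base64.b64decode(secret or "", validate=True))
        except binascii.Error:                   # e.g. <RANDOM_KEY> never replaced
            size = 0
        if size < min_secret_bytes:
            problems.append(f"key {name}: secret is not base64 of at least {min_secret_bytes} bytes")
    mz, sz = zone_names(master), zone_names(slave)
    problems += [f"zone {z}: on master, missing on slave" for z in sorted(mz - sz)]
    problems += [f"zone {z}: on slave, missing on master" for z in sorted(sz - mz)]
    return problems

# Constructed sample input: all-zero demo secret, one zone disabled on the master.
SECRET = base64.b64encode(bytes(32)).decode()
KEY = f'key:\n name: "synchro-key"\n algorithm: hmac-sha256\n secret: "{SECRET}"\n'
MASTER = KEY + 'zone:\n name: "0.10.in-addr.arpa"\n#zone:\n# name: "2.10.in-addr.arpa"\n'
SLAVE = KEY + 'zone:\n name: "0.10.in-addr.arpa."\n'
print(check_pair(MASTER, SLAVE) or "master and slave agree")
```

Feed it the contents of both nsd.conf files; an empty list means the key and the zone list line up on both sides.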
Update
blah