NSD as secondary nameserver


warning

make sure you declare both servers as NS records, and also provide glue records for them

setup – primary

see nsd, then also prepare the secret for the sync

generate a secret for sending/receiving updates

    dd if=/dev/random count=1 bs=32 | base64

    vi /etc/nsd/nsd.conf

    key:
            name: "sync"
            algorithm: hmac-sha256
            secret: "THAT-SECRET-HERE"

setup – secondary

    cd /etc/nsd/
    vi nsd.conf

    server:
    # (same as primary)

    remote-control:
    # (same but points to local keys)

    key:
    # (same as primary - yes both nodes need to share that secret)

    pattern:
            name: "primary"
            allow-notify: PRIMARY-IP sync
            request-xfr: AXFR PRIMARY-IP sync

    zone:
        ...
        include-pattern: "primary"
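
A consistency check for the two configurations above, as an added example that is not part of the original guide: it parses the `key:` and `pattern:` clauses of both nodes and reports a secret that differs, a secret left as a placeholder, or a notify/transfer rule that names no defined key. The sample configs, the secret and the address 192.0.2.1 are constructed, and the names `clauses` and `check_sync` are hypothetical.

```python
import base64, binascii

# Constructed sample configs; 192.0.2.1 is a documentation address, not a real primary.
SECRET = base64.b64encode(bytes(range(32))).decode()
PRIMARY = f'key:\n    name: "sync"\n    algorithm: hmac-sha256\n    secret: "{SECRET}"\n'
SECONDARY = PRIMARY + (
    'pattern:\n    name: "primary"\n'
    '    allow-notify: 192.0.2.1 sync\n'
    '    request-xfr: AXFR 192.0.2.1 sync\n')

def clauses(text, kind):
    """Return every 'kind:' clause of an nsd.conf as a list of (option, value) pairs."""
    found, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing blanks
        if not line:
            continue
        if not line[0].isspace():  # top-level header such as "key:" or "pattern:"
            current = [] if line == kind + ":" else None
            if current is not None:
                found.append(current)
        elif current is not None:
            opt, _, val = line.strip().partition(":")
            current.append((opt.strip(), val.strip().strip('"')))
    return found

def check_sync(primary_conf, secondary_conf):
    """Return a list of problems; an empty list means the TSIG setup is consistent."""
    problems = []
    pkeys = {dict(c).get("name"): dict(c) for c in clauses(primary_conf, "key")}
    skeys = {dict(c).get("name"): dict(c) for c in clauses(secondary_conf, "key")}
    for name, skey in skeys.items():
        if pkeys.get(name) != skey:
            problems.append(f"key {name}: missing or different on the primary")
        try:
            raw = base64.b64decode(skey.get("secret", ""), validate=True)
        except binascii.Error:
            raw = b""
        if len(raw) < 32:  # 32 bytes is what the dd command on this page produces
            problems.append(f"key {name}: secret is not base64 of at least 32 bytes")
    for pattern in clauses(secondary_conf, "pattern"):
        for opt, val in pattern:
            keyname = (val.split() or [""])[-1]  # last token names the TSIG key
            if opt in ("allow-notify", "request-xfr") and keyname not in skeys:
                problems.append(f"{opt}: '{val}' does not name a defined key")
    return problems

if __name__ == "__main__":
    for line in check_sync(PRIMARY, SECONDARY) or ["TSIG key and transfer rules are consistent"]:
        print(line)
```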

acceptance

make a dummy change on the primary and watch the logs

_on both sides_

    tail -F /var/log/syslog

_on the primary_

    ; sync test
    pouet IN A 1.2.3.4

    nsd-control reload $zone

resources

https://www.linode.com/docs/guides/dns-primary-and-secondary-server-setup/

https://discourse.mailinabox.email/t/guide-how-to-setup-nsd-as-a-secondary-nameserver-for-mail-in-a-box/9039

https://calomel.org/nsd_dns.html

Copyright © 2024 Pierre-Philipp Braun