We use a short TTL during the initial deployment of the service (21600 seconds, i.e. 6 hours).
For testing purposes you may even reduce it to 300 seconds (5 minutes) or 1800 seconds (30 minutes).
However, once everything is in place, eventually switch to 86400 seconds (24 hours).
Note that we're using the same TTL for both $TTL and the SOA record itself.
zone=example.local
time=`date +%s`
secondary=nssec.online.net
# be it for internal or public network
ip=x.x.x.x
# w/o chroot
zonefile=/etc/nsd/$zone.db
# chroot (overrides the line above; keep only the one that applies)
zonefile=/var/chroot/var/db/$zone.db
Note the trailing dot after the zone name.
# BEWARE ESCAPES ARE IN THERE
cat > $zonefile <<EOF
\$ORIGIN $zone.
\$TTL 21600
@ IN SOA $zone. abuse.$zone. (
$time ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
21600 ; ttl
)
@ IN NS ns.$zone.
@ IN NS $secondary.
@ IN MX 5 mx
@ IN A $ip
* IN A $ip
ns IN A $ip
mx IN A $ip
EOF
Optionally, define a host in case this is a hosting domain
host IN A $ip
Optionally, define a PXE server in case this is an internal network
pxe IN CNAME host
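The two pitfalls flagged above (the escaped `\$` directives in the heredoc and the trailing dot after fully qualified names) can be checked mechanically before the zone is loaded. This is an added example, not part of the original page; `lint_zone` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: lint a generated zone file for the two pitfalls noted above.
# lint_zone is a hypothetical helper, not an NSD tool.

lint_zone() {
    # Prints one line per problem; exit status is 0 only if none were found.
    awk '
        # If the heredoc escapes were forgotten, the shell expands $ORIGIN
        # and $TTL to nothing and these directives vanish from the file.
        /^\$ORIGIN[ \t]/ { origin = 1 }
        /^\$TTL[ \t]/    { ttl = 1 }
        {
            sub(/;.*/, "")                  # drop zone-file comments
            for (i = 1; i <= NF; i++) {
                if ($i == "NS" || $i == "CNAME") t = $(i + 1)
                else if ($i == "MX")             t = $(i + 2)
                else if ($i == "SOA")            { check($(i + 1)); t = $(i + 2) }
                else continue
                check(t)
                break
            }
        }
        function check(name) {
            # A dotted name without a trailing dot is relative, so the
            # server appends the origin (ns.example.local.example.local.).
            if (name ~ /\./ && name !~ /\.$/) {
                printf "line %d: \"%s\" lacks trailing dot\n", NR, name
                bad++
            }
        }
        END {
            if (!origin) { print "missing literal $ORIGIN directive"; bad++ }
            if (!ttl)    { print "missing literal $TTL directive"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}
```

Run it as `lint_zone "$zonefile"` right after the heredoc. It only covers these two mistakes; NSD's own `nsd-checkzone` remains the full syntax check.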