[nsd-users] Logfile/verbosity and master/slave

W.C.A. Wijngaards wouter at NLnetLabs.nl
Wed Dec 10 10:32:37 CET 2008


Lew Payne wrote:
> Can someone tell me if nsd (3.2.0) supports logging the actual queries
> it receives (regardless of the answer, such as NXDOMAIN)?

No. Programs like dnsmon and tcpdump can do this, I believe.
You could run tcpdump dst port 53 and dst host <public address of your
machine>.

> Yes, I realize that purists will tell me it slows down the DNS server,

Exact.

> Another question - Is it possible to configure nsd such that it is
> both a master and a slave for the same zones?  The idea behind this is
> that I'd like to be able to update any of the nsd zonefiles residing
> on any of the boxes, and have that update propagate to the others.
> Yes, I realize I can do this (crudely and forcefully) with a cron job
> that rsyncs and triggers a reload, but I was hoping there was a better
> way that actually used NOTIFY or such.

Yes, simply configure.  I wrote NSD3 to be able to do this :-)

Set up allow-notify, request-xfr, notify and provide-xfr to all other
servers.  Please use a TSIG key for security.

This will cause all servers to notify all others, and attempt to
download from them.

The only downside is the perpetual zone problem (discussed in dnsop
draft-expire) where the zone will never expire, because every server can
update its lease from any other (master). The only way to make a zone go
away would be to de-configure the zone on the servers.

Best regards,
   Wouter

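
The mesh described in the reply above, as an added nsd.conf sketch that is not part of the original message or taken from the NSD distribution. The addresses, key name, zone name and secret placeholder are constructed, and hmac-sha256 assumes the installed build supports that algorithm.

```conf
# nsd.conf fragment for server A (192.0.2.1) in a three-server mesh.
# Peers are 192.0.2.2 and 192.0.2.3 (constructed documentation addresses).
# Use the same key name and base64 secret on every server.
key:
    name: "mesh-key"
    algorithm: hmac-sha256        # assumption: supported by this build
    secret: "REPLACE_WITH_BASE64_SECRET"

zone:
    name: "example.com"
    zonefile: "example.com.zone"

    # Slave role: accept NOTIFY from each peer and pull the zone from it.
    allow-notify: 192.0.2.2 mesh-key
    request-xfr:  192.0.2.2 mesh-key
    allow-notify: 192.0.2.3 mesh-key
    request-xfr:  192.0.2.3 mesh-key

    # Master role: send NOTIFY to each peer and serve transfers to it.
    notify:       192.0.2.2 mesh-key
    provide-xfr:  192.0.2.2 mesh-key
    notify:       192.0.2.3 mesh-key
    provide-xfr:  192.0.2.3 mesh-key
```

Servers B and C carry the same stanza with their own two peers listed. Naming the key on every line, rather than NOKEY, means NOTIFY and transfer traffic is only accepted when it is signed with the shared TSIG secret.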

