[nsd-users] First post in the list

ficovh Valladolid ficovh at gmail.com
Tue Oct 11 21:13:51 UTC 2011


Thank you Greg

I'm also a NetBSD user, since 1.5, and love it.

Thank you for your config.

Regards.

On Tue, Oct 11, 2011 at 3:42 PM, Greg A. Woods <woods at planix.ca> wrote:

> At Tue, 11 Oct 2011 14:51:01 -0500, ficovh Valladolid <ficovh at gmail.com>
> wrote:
> Subject: [nsd-users] First post in the list
> >
> > I'm a BSD User, and am experimenting with NSD on an OpenBSD box: does anyone have
> > samples or config for setting up NSD on OpenBSD?
> > Is anyone using it on BSD successfully?
>
> I'm using NSD successfully on NetBSD, and have been doing so for some
> time now, and in several different settings.
>
> I think for the most part any differences between OpenBSD and NetBSD are
> irrelevant for use of NSD.
>
> I'm building and installing NSD from NetBSD pkgsrc (more or less -- I
> have local patches to fix a few cosmetic issues with the pkgsrc module
> itself and add features to the rc.d script, but no local patches to the
> NSD code).
>
> I append the following two lines to /etc/daily.local:
>
>        # do daily flush of /var/db/nsd/nsd-ixfrd.db
>        su -m nsd -c '/usr/pkg/sbin/nsdc patch'
>
> ----------------------------------------
> #
> #       nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
> #
>
> # global options for the nsd server
> #
> server:
>        # uncomment to specify specific interfaces to bind (default all).
>        #ip-address: 1.2.3.4
>        #ip-address: 12fe::8ef0
>        ip-address: 204.92.254.5
>
>        # port to answer queries on. default is 53.
>        #port: 53
>
>        # listen only on IPv4 connections
>        ip4-only: yes
>
>        # listen only on IPv6 connections
>        # ip6-only: no
>
>        # the database to use.
>        database: "/var/db/nsd/nsd.db"
>
>        # whether or not to hide the server's identity (not necessary!)
>        hide-version: no
>
>        # log messages to file. Default to stderr and syslog.
>        #logfile: "/var/log/nsd.log"
>
>        # Number of NSD servers to fork.
>        #server-count: 1
>
>        # Maximum number of concurrent TCP connections per server.
>        tcp-count: 100
>
>        # File to store pid for nsd in.
>        #pidfile: "/var/run/nsd.pid"
>
>        # statistics are produced every number of seconds.
>        statistics: 3600
>
>        # After binding socket, drop user privileges.
>        # can be a username, id or id.gid.
>        username: nsd
>
>        # The directory for zonefile: files.
>        #zonesdir: "/etc/nsd"
>
>        # The file where incoming zone transfers are stored.
>        # run nsd-patch to update zone files, then you can safely delete it.
>        difffile: "/var/db/nsd/nsd-ixfr.db"
>
>        # The file where secondary zone refresh and expire timeouts are kept.
>        # If you delete this file, all secondary zones are forced to be
>        # 'refreshing' (as if nsd got a notify).
>        xfrdfile: "/var/db/nsd/nsd-xfrd.state"
>
>        # Number of seconds between reloads triggered by xfrd.
>        #xfrd-reload-timeout: 10
>
>        # Verbosity level.
>        verbosity: 2
>
> # the following zones should be in every nameserver as per RFC 1912
> #
> # They have no secondaries, and provide no notifies (but are freely
> # transferable).  These zones are most critical in caching resolvers
> # and forwarders, but may still provide some benefit in
> # authoritative-only nameservers.
> #
> zone:
>        name: "0.in-addr.arpa"
>        zonefile: "master/0"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> zone:
>        name: "255.in-addr.arpa"
>        zonefile: "master/255"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> #       the ipv4 loopback forward and reverse-lookup zones...
> #
> # a "top-level" domain to name the loopback interface(s)...
> #
> zone:
>        name: "localhost"
>        zonefile: "master/localhost"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> # The 127/8 reverse zones also provide a pedantic example of how
> # reverse zones for class-A and class-B subnets should be delegated so
> # that you can manage each sub-zone from a separate file...
> #
> zone:
>        name: "127.IN-ADDR.ARPA"
>        zonefile: "master/127"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> zone:
>        name: "0.127.IN-ADDR.ARPA"
>        zonefile: "master/127.0"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> zone:
>        name: "0.0.127.IN-ADDR.ARPA"
>        zonefile: "master/127.0.0"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> zone:
>        name: "255.127.IN-ADDR.ARPA"
>        zonefile: "master/127.255"
>        provide-xfr: 0.0.0.0/0 NOKEY
> #
> zone:
>        name: "255.255.127.IN-ADDR.ARPA"
>        zonefile: "master/127.255.255"
>        provide-xfr: 0.0.0.0/0 NOKEY
>
>
> # the rest of the configuration is included from separate files for
> # easier maintenance -- i.e. this file can be updated independently of
> # whatever zones this server handles.
> #
> include: "/etc/nsd/nsd-keys.conf"
>
> include: "/etc/nsd/nsd-master.conf"
>
> include: "/etc/nsd/nsd-slave.conf"
>
> ----------------------------------------
> #
> #       nsd-keys.conf
> #
> # currently empty....
> ----------------------------------------
> #
> #       nsd-master.conf
> #
> # public zones for which this server is auth
> #
> zone:
>        name: "weird.ca"
>        zonefile: "master/weird.ca"
>        provide-xfr: 0.0.0.0/0 NOKEY
>
> # ... and so on ...
> ----------------------------------------
> #
> #       nsd-slave.conf
> #
> # public zones which this server slaves from some other master
> #
> zone:
>        name: "PhaedraV.com"
>        zonefile: "/var/db/nsd/PhaedraV.com"
>        allow-notify: 216.138.231.224 NOKEY
>        request-xfr: 216.138.231.224 NOKEY
>        allow-notify: 127.0.0.1 NOKEY
>        allow-notify: 204.92.254.5 NOKEY
>        provide-xfr: 0.0.0.0/0 NOKEY
>        outgoing-interface: 204.92.254.5
>
> # ... and so on ...
> ----------------------------------------
>
> And here are the necessary master files, suitable for use at any and all
> sites, as a shell archive:
>
> # This is a shell archive.  Save it in a file, remove anything before
> # this line, and then unpack it by entering "sh file".  Note, it may
> # create directories; files and directories will be owned by you and
> # have default permissions.
> #
> # This archive contains:
> #
> #       0
> #       255
> #       localhost
> #       127
> #       127.0
> #       127.0.0
> #       127.255
> #       127.255.255
> #
> echo x - 0
> sed 's/^X//' >0 << 'END-of-0'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 0.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost. (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "To stop bogus queries for net 0, as per RFC 1912."
> X
> X; there should be no other records in here.
> END-of-0
> echo x - 255
> sed 's/^X//' >255 << 'END-of-255'
> X;#ident        "@(#)namedb:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 255.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost. (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "To stop bogus queries for net 255, as per RFC 1912."
> X
> X; there should be no other records in here.
> END-of-255
> echo x - localhost
> sed 's/^X//' >localhost << 'END-of-localhost'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 24w               ; the default TTL for all records listed in this file
> X
> X;$ORIGIN localhost.
> X@      IN      SOA     localhost. hostmaster.localhost. (
> X                               2003073113      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               16h )           ; negative response TTL
> X       IN      NS      localhost.
> X       IN      A       127.0.0.1       ; as per RFC 1912
> X       IN      AAAA    ::1
> X       IN      HINFO   VIRTUAL UNKNOWN
> X       IN      TXT     "The default loopback interface"
> X
> X; these names in the localhost zone are for RFC-1101 network names
> X
> Xloopback-net   IN      A       127.0.0.0
> X               IN      HINFO   NETWORK NONE
> X               IN      TXT     "The default IPv4 loopback network"
> X
> Xloopback-bcast IN      A       127.255.255.255
> X               IN      HINFO   NETWORK NONE
> X               IN      TXT     "The default IPv4 loopback broadcast address (unused in most stacks)."
> X
> X; there can be no other records in here.
> END-of-localhost
> echo x - 127
> sed 's/^X//' >127 << 'END-of-127'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 127.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost.  (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "The IPv4 LOOPBACK net reverse parent zone."
> X
> X; delegate sub-zones
> X0      IN      NS      localhost.
> X255    IN      NS      localhost.
> END-of-127
> echo x - 127.0
> sed 's/^X//' >127.0 << 'END-of-127.0'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 0.127.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost.  (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "The IPv4 LOOPBACK net intermediate reverse zone."
> X
> X; delegate sub-zone(s)
> X0      IN      NS      localhost.
> END-of-127.0
> echo x - 127.0.0
> sed 's/^X//' >127.0.0 << 'END-of-127.0.0'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 24w               ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 0.0.127.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost.  (
> X                               2003073113      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               16h )           ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "The IPv4 LOOPBACK net reverse zone."
> X
> X; reverse lookup for the loopback network interface and its RFC-1101
> X; network name, as well as an A RR that gives the netmask:
> X;
> X0      IN      PTR     loopback-net.localhost.
> X       IN      A       255.0.0.0
> X       IN      TXT     "The loopback interface network and its netmask."
> X
> X; NOTE: do NOT create a "localhost.your.domain" vanity A record -- use a CNAME instead!
> X;
> X1      IN      PTR     localhost.
> X       IN      TXT     "The pointer to _the_ canonical localhost."
> X
> X; there can be no other records in this zone.
> END-of-127.0.0
> echo x - 127.255
> sed 's/^X//' >127.255 << 'END-of-127.255'
> X;#ident        "@(#)namedb:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 255.127.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost.  (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "The IPv4 LOOPBACK net's intermediate broadcast reverse zone."
> X
> X; delegate sub-zones
> X255    IN      NS      localhost.
> END-of-127.255
> echo x - 127.255.255
> sed 's/^X//' >127.255.255 << 'END-of-127.255.255'
> X;#ident        "@(#)namedb/master:$Id$"
> X
> X$TTL 6w                ; the default TTL for all records listed in this file
> X
> X;$ORIGIN 255.255.127.IN-ADDR.ARPA.
> X@      IN      SOA     localhost. hostmaster.localhost.  (
> X                               2001092700      ; Serial number (yyyymmddhh)
> X                               8h              ; Refresh Interval
> X                               2h              ; Refresh Retry Interval
> X                               24w             ; Expire time (24w max for BIND-8.2.3)
> X                               8h )            ; negative response TTL
> X       IN      NS      localhost.
> X       IN      TXT     "The IPv4 LOOPBACK net's broadcast reverse zone."
> X
> X255    PTR     loopback-bcast.localhost.
> X       IN      TXT     "The loopback network broadcast (usually unused)."
> END-of-127.255.255
> exit
>
>
>
>
> --
>                                                Greg A. Woods
>                                                Planix, Inc.
>
> <woods at planix.com>       +1 250 762-7675        http://www.planix.com/
>
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>
>


-- 
Francisco Valladolid H.
 -- http://blog.bsdguy.net - Jesus Christ follower.
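
An added example, not part of either message above: a small Python check that lists every provide-xfr, allow-notify and request-xfr line in an nsd.conf fragment that uses NOKEY (access decided by source address alone, with no TSIG key) and marks the ones whose address spec covers every source, such as 0.0.0.0/0. The sample input, its zone names, addresses and the key name "xfr-key" are constructed for illustration; the check assumes name: precedes the ACL lines, as in the fragments quoted above.

```python
import ipaddress

# Constructed sample in the style of the nsd.conf fragments quoted above;
# zone names, addresses and the key name "xfr-key" are placeholders.
SAMPLE = """\
zone:
        name: "example.org"
        zonefile: "master/example.org"
        provide-xfr: 0.0.0.0/0 NOKEY
zone:
        name: "example.net"
        zonefile: "/var/db/nsd/example.net"
        allow-notify: 192.0.2.53 NOKEY
        request-xfr: 192.0.2.53 NOKEY
        provide-xfr: 198.51.100.7 xfr-key   # TSIG key named: not reported
"""

ACL_OPTIONS = ("provide-xfr", "allow-notify", "request-xfr")


def covers_everything(spec):
    """True when an ip-spec is a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    try:
        return ipaddress.ip_network(spec, strict=False).prefixlen == 0
    except ValueError:          # range, mask or @port forms are not parsed here
        return False


def audit(text):
    """List (zone, option, ip-spec, scope) for each ACL line that uses NOKEY.

    Does not follow include: lines; run it on each included file as well.
    """
    findings, zone = [], None
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, fields = key.strip(), value.split()
        if key in ("server", "key", "zone") and not fields:
            zone = "(unnamed)" if key == "zone" else None
        elif zone is not None and key == "name" and fields:
            zone = fields[0].strip('"')
        elif zone is not None and key in ACL_OPTIONS and fields[-1:] == ["NOKEY"]:
            spec = fields[-2] if len(fields) > 1 else ""
            scope = "any-source" if covers_everything(spec) else "ip-only"
            findings.append((zone, key, spec, scope))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```
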