[nsd-users] Best practices to switch from BIND to NSD

Peter Andreev andreev.peter at gmail.com
Fri Jun 8 10:43:22 UTC 2012


2012/6/8 Jan-Piet Mens <jpmens.dns at gmail.com>

> > I'm a sys admin and currently working for a french hosting company.  We
> > provide DNS services to our customers and at the moment we are using BIND
> > on Debian servers.  BIND is a good software but we don't need a recursing
> > DNS for our public DNS, and we needed better security than what BIND
> provides.
>
> As you probably know, you can disable recursion in BIND, thus making it
> authoritative only. :)
>

I would also recommend disabling additional-from-cache.


> > So I made the suggestion to replace BIND by another DNS software.
> > NSD appears to be the best alternative.
>
> NSD is indeed an excellent choice. There is one thing you must be aware
> of: you can't add/remove zones to NSD on-the-fly. You have to configure
> them in `nsd.conf' (or an included file) and then rebuild NSD's
> database. If you can live with that, you should be set to go.
>

NSD also means no outgoing IXFR's and some additional cron jobs for "nsdc
patch".

May be TS should take a look on Knot DNS and Yadifa to choose the proper
server for his tasks?


> > I'm currently writing some scripts to help the migration process, but I'd
> > like to know if something already exists to help me in this task. If not
> I
> > probably will make my scripts public and post it to this mailing-list.
>
> I'm not really aware of any scripts... Basically it's a matter of
> listing your zones and creating nsd.conf "zone" stanzas. A bit of
> [ ls | {awk|perl} ] will probably get you going pretty quickly.
>
> > I also would like to know if you have some best-practices about NSD in
> > general.
>
> I recommend you look at past postings in the archive of this mailing-
> list.
>
> Good luck!
>
>        -JP
>
> PS: And if you do need recursive service somewhere on your network, I
>    greatly recommend you look at Unbound, also by NLnet Labs.
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
>



-- 
AP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20120608/831347e2/attachment.htm>


More information about the nsd-users mailing list