Master DNS Server
1. NSD3
1.1 Install NSD3
1.2 Install ldns
1.3 Configure an NSD master
1.4 Create a zone file
1.5 Testing DNS
1.6 Reload the Zone Files
NSD3
For DNS services I have opted for NSD 3.x. This guide assumes some knowledge of configuring DNS; it is really just a reference document for myself.
Install NSD3
Debian Etch
NSD3 is currently available in the Debian back-ports repos for Debian Etch. This assumes you have enabled the back-ports repo.
apt-get install dnsutils whois
apt-get install -t etch-backports nsd3
Ubuntu Hardy
aptitude install dnsutils whois
aptitude install nsd3
Install ldns
ldns includes several useful DNS utilities, not least a key generator for TSIG.
Debian Etch
Sadly, there is not a package available for Debian Etch yet :-(
apt-get install libssl-dev
wget http://nlnetlabs.nl/downloads/ldns-1.2.0.tar.gz
tar zxvf ldns-1.2.0.tar.gz
cd ldns-1.2.0
./configure
make
cd examples
./configure
make
Ubuntu Hardy
aptitude install ldnsutils
Make a key
Sadly I haven't figured out how to make an HMAC-MD5 hash using anything other than 'dnssec-keygen', which comes in the bind9 package on Debian and Ubuntu. Therefore I generate my key on a host with bind9 installed.
dnssec-keygen -a hmac-md5 -b 128 -n host example.org
This will generate two files, something like below...
Kexample.org.+157+63222.key
Kexample.org.+157+63222.private
If you 'cat' the .private file you'll expose the key.
cat Kexample.org.+157+63222.private
Which will show something like this (the key below is bogus)...
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: K2tf3TRjvQkVCmJF3/Z9vA==
Configure an NSD master
nano /etc/nsd3/nsd.conf
Add the following sample to the end of the file...
# key for zone 1
key:
    # this name must match the key name used by notify and provide-xfr below
    name: masterkey
    algorithm: hmac-md5
    secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
# Sample zone 1
zone:
    name: "example.org"
    zonefile: "master/example.org"
    # This is a master zone, slaves are listed below.
    # Slave 1
    notify: 1.2.3.4 masterkey
    provide-xfr: 1.2.3.4 masterkey
Now create the directory for the master zone files.
mkdir /etc/nsd3/master
chown -R nsd:root /etc/nsd3/master
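The key name that follows the address in notify and provide-xfr has to match the name of a key: block. The following is an added example, not part of the original page or of NSD: a small Python check that flags undefined key references, NOKEY entries and short or malformed secrets in nsd.conf-style text. The function name lint_nsd_conf, the 16-byte minimum and the embedded sample config are assumptions constructed for this example.

```python
import base64
import binascii
# Constructed sample: the zone references "masterkey" but only "mskey" is defined.
SAMPLE = """
key:
    name: mskey
    algorithm: hmac-md5
    secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
zone:
    name: "example.org"
    notify: 1.2.3.4 masterkey
    provide-xfr: 1.2.3.4 masterkey
"""

def lint_nsd_conf(text, min_secret_bytes=16):
    """Return a list of problems in the key: blocks and zone ACLs of nsd.conf text."""
    keys, refs, problems = {}, [], []
    section, current = None, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments (simplified)
        if ":" not in line:
            continue
        attr, value = (part.strip() for part in line.split(":", 1))
        value = value.strip('"')
        if attr in ("server", "key", "zone") and not value:
            section, current = attr, {}          # a new block starts here
        elif section == "key":
            current[attr] = value
            if attr == "name":
                keys[value] = current            # later attributes land in the same dict
        elif section == "zone" and attr in ("notify", "provide-xfr") and value:
            refs.append((lineno, attr, value.split()[-1]))  # last token is the key name
    for name, key in keys.items():
        try:
            secret = base64.b64decode(key.get("secret", ""), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"key {name}: secret is not valid base64")
            continue
        if len(secret) < min_secret_bytes:
            problems.append(f"key {name}: secret is only {len(secret)} bytes")
    for lineno, attr, ref in refs:
        if ref == "NOKEY":
            problems.append(f"line {lineno}: {attr} accepts peers without a TSIG key")
        elif ref != "BLOCKED" and ref not in keys:
            problems.append(f"line {lineno}: {attr} references undefined key '{ref}'")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_nsd_conf(SAMPLE)) or "no problems found")
```

To check a real file, pass its contents: lint_nsd_conf(open("/etc/nsd3/nsd.conf").read()).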
Create a zone file
NSD3 is compatible with BIND-formatted zone files, one of the reasons I choose to use it.
nano /etc/nsd3/master/example.org
$TTL 1d
@ IN SOA ns1.example.org. hostmaster (
2007120400; serial yyyymmddxx
28800; refresh, seconds
7200; retry, seconds
604800; expire, seconds
3600 ); minimum, seconds
@ IN A 1.2.3.1
ns1 IN A 1.2.3.2
ns2 IN A 1.2.3.3
mail IN A 1.2.3.4
@ IN NS ns1
@ IN NS ns2
@ IN MX 10 mail
www IN A 1.2.3.1
ftp IN CNAME www
example.org. IN TXT "v=spf1 mx:example.org ~all"
Finally, restart the NSD3 daemon. This will rebuild all the zone files and also reload the configuration.
/etc/init.d/nsd3 restart
Testing DNS
Use dig to test name resolution on your NSD server, for example...
dig @127.0.0.1 www.example.org
I also use IntoDNS to test my DNS and email configuration. IntoDNS is very similar to DNSStuff, before DNSStuff went all commercial and shit.
Reload the Zone Files
If you make changes to a zone file you'll need to reload NSD3 to make the changes active. This will also notify any slaves.
/etc/init.d/nsd3 reload
References
- http://www.nlnetlabs.nl/nsd/
- http://www.nlnetlabs.nl/ldns/
- http://linuxmafia.com/faq/Network_Other/dns-servers.html
$Id: MasterDNSServer,v 1.13 2008/08/12 11:23:41 martin Exp $

