Master/Slave Servers
## slave zone example
#zone:
#    name: "example.net"
#    zonefile: "slave/example.net"
#    allow-notify: 192.0.2.2 tsig1.example.com.
#    request-xfr: 192.0.2.2 tsig1.example.com.

## tsig key example
key:
    name: "example.ircnow.org"
    algorithm: hmac-sha256
    secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"
It's a good idea to name the key after your domain, with a final period at the end to show that it is a fully qualified domain name. For the secret, you must put in the base64 encoding of a random string. Make it longer for more security.
Primary and secondary server
If you need a secondary server to host the zone, set it up as follows. In the block that describes your master zone, add entries for the secondary server, as in the example:
zone:
    name: "example.net"
    zonefile: "master/example.net"
    notify: 20.20.20.20 NOKEY
    provide-xfr: 20.20.20.20 NOKEY
Create a new block in the secondary server config file, as in the example:
zone:
    name: "example.net"
    zonefile: "slave/example.net"
    allow-notify: 10.10.10.10 NOKEY
    request-xfr: 10.10.10.10 NOKEY
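The two zone blocks above use NOKEY, so NOTIFY messages and zone transfers are authorized by source address alone. As an added example (not part of the original page), this script generates a fresh hmac-sha256 secret and prints the same two blocks with a TSIG key in place of NOKEY; the key name `example.net.` is an assumption, and the addresses are the page's sample values.

```shell
#!/bin/sh
# Added example: TSIG-signed NOTIFY/transfer config for the page's two servers.
PRIMARY_IP="10.10.10.10"      # sample address from the page
SECONDARY_IP="20.20.20.20"    # sample address from the page
ZONE="example.net"
KEY_NAME="example.net."       # assumed key name (domain plus final period)

# 32 random bytes, base64-encoded: a 44-character secret for hmac-sha256.
gen_tsig_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64
    fi
}

# key: block; name, algorithm and secret must be identical on both servers.
key_block() {   # $1 = base64 secret
    printf 'key:\n\tname: "%s"\n\talgorithm: hmac-sha256\n\tsecret: "%s"\n' \
        "$KEY_NAME" "$1"
}

# Primary: sign NOTIFY to the secondary, serve transfers only when signed.
primary_zone() {
    printf 'zone:\n\tname: "%s"\n\tzonefile: "master/%s"\n' "$ZONE" "$ZONE"
    printf '\tnotify: %s %s\n' "$SECONDARY_IP" "$KEY_NAME"
    printf '\tprovide-xfr: %s %s\n' "$SECONDARY_IP" "$KEY_NAME"
}

# Secondary: accept NOTIFY and request transfers only with the same key.
secondary_zone() {
    printf 'zone:\n\tname: "%s"\n\tzonefile: "slave/%s"\n' "$ZONE" "$ZONE"
    printf '\tallow-notify: %s %s\n' "$PRIMARY_IP" "$KEY_NAME"
    printf '\trequest-xfr: %s %s\n' "$PRIMARY_IP" "$KEY_NAME"
}

secret=$(gen_tsig_secret)
echo "# --- primary nsd.conf ---"
key_block "$secret"
primary_zone
echo "# --- secondary nsd.conf ---"
key_block "$secret"
secondary_zone
```

The secret is a shared credential, so restrict read access to whichever file holds the key block on each server.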
The zone file for NSD
The next step is to write the zone files for NSD. First the forward lookup zone example.net:
; Domain file from My project
example.net.    3600    SOA     ns.example.net. admin.example.net. (
                        2020070701  ; serial YYYYMMDDnn
                        10800       ; refresh
                        3600        ; retry
                        604800      ; expire
                        86400 )     ; minimum TTL
example.net.    NS      ns.example.net.
example.net.    NS      ns.secondary.net.
ns              A       10.10.10.10
example.net.    A       10.10.10.10
www             A       10.10.10.10
irc             A       10.10.10.10
imap            A       10.10.10.10
smtp            A       10.10.10.10
example.net.    MX      10 smtp.example.net.
Save this zone file as /var/nsd/zones/master/example.net