A name server is a server that hosts a network service for providing responses to queries against a directory service. It maps a human-recognizable identifier to a system-internal identification or addressing component. BIND is the most famous name server available on Linux and can do everything you need from a name server, but sometimes you need less.
Maybe you have a VPS and you just want to manage your own DNS names. For this use you could check out NSD, a great alternative to BIND. It does not do DNS forwarding; it only serves its own domains, but this could be enough for your project.
NSD uses BIND-style zone files; zone files used under BIND (named) can usually be supplied unmodified to NSD once declared in the nsd.conf configuration. NSD manages zone information compiled via ‘zonec’ into a binary database file (nsd.db), which allows lightning-fast startup of the NSD name-service daemon, structural verification of the syntax and flagging of errors at database compile time. All of this happens before the zone is made available to the NSD service itself.
Let’s see how to install and configure it.
NSD package is available in the repository of the main distributions, so you can use your package manager to install it with just 1 command such as:
Red Hat Enterprise and Centos
yum install nsd
Debian and Ubuntu
sudo apt-get install nsd3
NSD configuration (nsd.conf)
The main configuration file of NSD is nsd.conf, which is located in a different path depending on your distribution:
Debian – Ubuntu :
Centos – Red Hat Enterprise :
The following is a master configuration taken from a Centos system, serving the domain linuxaria.org on the IP address 220.127.116.11:
#
# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.
#

# This is a configuration file commented out, you just need to change the IP and the zone file to customize it.

# options for the nsd server
server:
    # uncomment to specify specific interfaces to bind (default wildcard interface).
    # ip-address: localhost
    ip-address: 18.104.22.168

    # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
    # Keep yes for security reasons.
    hide-version: yes

    # enable debug mode, does not fork daemon process into the background.
    # debug-mode: no

    # listen only on IPv4 connections, set yes to save some memory
    ip4-only: yes

    # listen only on IPv6 connections
    # ip6-only: no

    # the database to use, this is the standard path.
    # database: "/var/lib/nsd/nsd.db"

    # identify the server (CH TXT ID.SERVER entry).
    identity: ""

    # NSID identity (hex string). default disabled.
    # nsid: "aabbccdd"

    # log messages to file. Default to stderr and syslog (with facility LOG_DAEMON).
    # logfile: "/var/log/nsd.log"

    # Number of NSD servers to fork, keep 1 for low memory VPS
    server-count: 1

    # Maximum number of concurrent TCP connections per server.
    # This option should have a value below 1000, 10 is good for a low memory VPS
    tcp-count: 10

    # Maximum number of queries served on a single TCP connection.
    # By default 0, which means no maximum.
    # tcp-query-count: 0

    # Override the default (120 seconds) TCP timeout.
    # tcp-timeout: 120

    # Preferred EDNS buffer size for IPv4.
    # ipv4-edns-size: 4096

    # Preferred EDNS buffer size for IPv6.
    # ipv6-edns-size: 4096

    # File to store pid for nsd in.
    # pidfile: "/var/run/nsd/nsd.pid"

    # port to answer queries on. default is 53.
    # port: 53

    # statistics are produced every number of seconds.
    # statistics: 3600

    # if per zone statistics is enabled, file to store statistics.
    # zone-stats-file: "/var/log/nsd.stats"

    # The directory for zonefile: files.
    zonesdir: "/etc/nsd/zones"

# This is the definition of the first zone, you must have 1 for every domain.
zone:
    name: linuxaria.org
    # file in the zonesdir that contains the domain information.
    zonefile: linuxaria.org.conf
Now we have to set up the zone files that we have defined in the nsd.conf configuration file.
NSD Zone file
A zone file can be as simple as this one, which just defines the SOA, NS and MX records and some addresses for the domain:
;## NSD authoritative only DNS

$ORIGIN linuxaria.org.    ; default zone domain
$TTL 86400                ; default time to live

@ IN SOA ns1 [email protected] (
           2012082703  ; serial number
           28800       ; Refresh
           14400       ; Retry
           864000      ; Expire
           86400       ; Min TTL
           )

           NS      ns1.linuxaria.org.
           NS      ns2.linuxaria.org.
           MX      10 mail.linuxaria.org.

mail       IN      A       22.214.171.124
www        IN      A       126.96.36.199
ns1        IN      A       188.8.131.52
ns2        IN      A       184.108.40.206
*          IN      A       220.127.116.11
@          IN      A       18.104.22.168

;## NSD authoritative only DNS
For NSD it is a requirement that your “NS” name server hostname (ns1.linuxaria.org to 22.214.171.124 in this example) is set to the same IP address NSD is listening on, the one we have set in the nsd.conf file. This is important because a resolving DNS server, like BIND, will ask NSD what the current authoritative name server IP address is. NSD will say that the name server for “linuxaria.org” is “ns1.linuxaria.org” and that its IP is 126.96.36.199, and so 188.8.131.52 is the address that BIND will use to connect.
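The requirement above can be checked mechanically before the database is rebuilt. The script below is an added example, not part of the original article or of NSD: check_ns_glue and write_samples are hypothetical helper names, the sample files use placeholder values (example.org, 192.0.2.x), and the parser assumes a zone with $ORIGIN set, one record per line and an explicit owner on every A record.

```shell
#!/bin/sh
# Added example, not from the original article: pre-flight check to run
# before `nsdc rebuild`. Assumes $ORIGIN is set and one record per line.
check_ns_glue() {   # usage: check_ns_glue NSD_CONF ZONE_FILE (hypothetical helper)
    awk '
    function fqdn(n) { return (n == "@") ? origin : ((n ~ /\.$/) ? n : n "." origin) }
    function inzone(n) { return n == origin || substr(n, length(n) - length(origin)) == ("." origin) }
    FILENAME == ARGV[1] {              # first file: nsd.conf
        sub(/#.*/, "")                 # commented-out options do not count
        if ($1 == "ip-address:") { sub(/@.*/, "", $2); listen[$2] = 1 }
        next
    }
    { sub(/;.*/, "") }                 # zone file: strip ; comments
    $1 == "$ORIGIN" { origin = $2; next }
    {
        for (i = 1; i < NF; i++) {
            if ($i == "NS") ns[fqdn($(i + 1))] = 1
            if ($i == "A" && i > 1) addr[fqdn($1)] = $(i + 1)
        }
    }
    END {
        for (n in ns) {
            if (!inzone(n)) continue   # out-of-zone name servers need no A record here
            if (!(n in addr)) { print "FAIL: no A record for " n; bad = 1 }
            else if (addr[n] in listen) served++
        }
        if (!served) { print "FAIL: no NS name maps to an nsd.conf ip-address"; bad = 1 }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample input: example.org and 192.0.2.x are placeholders.
write_samples() {   # usage: write_samples DIR
    printf 'server:\n\t# ip-address: localhost\n\tip-address: 192.0.2.53\n' > "$1/nsd.conf"
    cat > "$1/good.zone" <<'EOF'
$ORIGIN example.org.
@   IN SOA ns1 hostmaster.example.org. ( 2012082703 28800 14400 864000 86400 )
    NS ns1.example.org.
    NS ns2.example.org.
ns1 IN A 192.0.2.53
ns2 IN A 192.0.2.54
EOF
    sed 's/^ns1 IN A .*/ns1 IN A 192.0.2.99/' "$1/good.zone" > "$1/bad.zone"
}

d=$(mktemp -d) && write_samples "$d"
for z in good bad; do
    check_ns_glue "$d/nsd.conf" "$d/$z.zone" && echo "$z.zone: OK" || echo "$z.zone: rejected"
done
rm -rf "$d"
```

The check passes as long as at least one in-zone NS name points at an address NSD listens on, so a secondary such as ns2 hosted elsewhere is not flagged.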
Note also the special syntax:
* IN A 184.108.40.206
that is a catch-all for every name in the domain .linuxaria.org.
Rebuild and restart
Now that we have defined everything, we must compile the NSD database from the zone files and start the daemon. To do this, run these 2 commands:
sudo nsdc rebuild
In this phase you’ll receive a message if there are errors in the zone file. If everything is correct you can restart the daemon with:
Debian or Ubuntu server restart
Red Hat and Centos server restart
The easiest way to test your NSD configuration is to run a dig from the server, querying NSD for the domain you just defined. In our example:
dig @220.127.116.11 linuxaria.org
You should see something similar to this output:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.2 <<>> @18.104.22.168 linuxaria.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<
In this output you should see in the ANSWER SECTION the correct association between your DNS name and IP and in the AUTHORITY SECTION the correct association between your NS and the configured IP.