Aug 312012

A name server is a server that hosts a network service for providing responses to queries against a directory service. It maps a human-recognizable identifier to a system-internal, identification or addressing component, the program BIND is the most famous name server available on Linux, it can be used to do everything you need from a name server, but sometimes you need less.

Maybe you have a VPS and you want just to manage your DNS name, for this use you could check NSD a great alternative to BIND, it does not do DNS forwarding, it only serves its own domains. but this could be enough for your project.

NSD uses BIND-style zone-files; zone-files used under BIND (named) can usually be supplied unmodified in NSD once declared in the nsd.conf configuration. NSD manages zone information compiled via ‘zonec’ into a binary database file (nsd.db) which allows lightning fast start up of the NSD name-service daemon, syntax structural verification and flagging of errors at database compile-time. All this before being made available to NSD service itself.

Let’s see how to install and configure it.


NSD package is available in the repository of the main distributions, so you can use your package manager to install it with just 1 command such as:

Red Hat Enterprise and Centos

yum install nsd

Debian and Ubuntu

sudo apt-get install ns3


emerge nsd

NSD configuration (nsd.conf)

The main configuration file of NSD is nsd.conf, that is located in a different path depending on your distribution :

DebianUbuntu : /etc/nsd3/nsd.conf
CentosRed Hat Enterprise : /etc/nsd/nsd.conf

The following is a master configuration taken from a Centos system, serving the domain on the IP address

# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
# See LICENSE for the license.

#  This is a configuration file commented out, you just need to change the IP and the zone file to customize it.

# options for the nsd server
	# uncomment to specify specific interfaces to bind (default wildcard interface).
        # ip-address: localhost

	# don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
        # Keep yes for security reasons.
	hide-version: yes

	# enable debug mode, does not fork daemon process into the background.
	# debug-mode: no

	# listen only on IPv4 connections, set yes to save some memory
	ip4-only: yes

	# listen only on IPv6 connections
	# ip6-only: no

	# the database to use, this is the standard path.
	# database: "/var/lib/nsd/nsd.db"

	# identify the server (CH TXT ID.SERVER entry).
        identity: ""

	# NSID identity (hex string). default disabled.
	# nsid: "aabbccdd"

	# log messages to file. Default to stderr and syslog (with facility LOG_DAEMON).
	# logfile: "/var/log/nsd.log"

	# Number of NSD servers to fork, keep 1 for low memory VPS
	server-count: 1

	# Maximum number of concurrent TCP connections per server.
	# This option should have a value below 1000, 10 is good for a low memory VPS
	tcp-count: 10

	# Maximum number of queries served on a single TCP connection.
	# By default 0, which means no maximum.
	# tcp-query-count: 0

	# Override the default (120 seconds) TCP timeout.
	# tcp-timeout: 120

	# Preferred EDNS buffer size for IPv4.
	# ipv4-edns-size: 4096

	# Preferred EDNS buffer size for IPv6.
	# ipv6-edns-size: 4096

	# File to store pid for nsd in.
	# pidfile: "/var/run/nsd/"

	# port to answer queries on. default is 53.
	# port: 53

	# statistics are produced every number of seconds.
	# statistics: 3600

	# if per zone statistics is enabled, file to store statistics.
	# zone-stats-file: "/var/log/nsd.stats"

  	# The directory for zonefile: files.
    	zonesdir: "/etc/nsd/zones"

       #This is the definition of the first zone, you must have 1 for every domain.
        #file in the zonesdir that contains the domain information.

Now we have to setup the zone files that we have defined in the nsd.conf configuration file

NSD Zone file

A zone file can be simple as this one, that just defines the SOA, the NS, MX and some address for the domain:

;## NSD authoritative only DNS

$ORIGIN    ; default zone domain
$TTL 86400           ; default time to live

@ IN SOA ns1 [email protected] (
           2012082703  ; serial number
           28800       ; Refresh
           14400        ; Retry
           864000      ; Expire
           86400       ; Min TTL

           MX      10

mail   	   IN     A
www   	   IN     A
ns1              IN     A
ns2              IN     A
*                  IN     A
@                IN     A

;## NSD authoritative only DNS

For NSD it is a requisite to set your “NS” name server hostname ( to in this example) to the same ip address NSD is listening on, the one we have set in the nsd.conf file. This is so important because a resolving DNS server, like Bind, will ask NSD what the current authoritative name server ip address is. NSD will say the name server for “” is “ and its ip is And so is the address that Bind will use to connect.

Note also the special syntax:
* IN A

that is a catch-all for every name in the domain

Rebuild and restart

Now that we have defined everything we must compile the nsd database from the zone files and start the daemon to do this run these 2 commands:

sudo nsdc rebuild

in this phase you’ll receive a message if there are errors in the zone file, if everything if correct you can restart the daemon with:

Debian or Unbuntu server restart

/etc/init.d/nsd3 restart

Red Hat and Centos server restart

/etc/init.d/nsd restart

Testing NSD

The easiest way to test your NSD configuration is to run from the server a dig querying NSD for the domain you just defined, in our example

dig @

You should see something similar to this output:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.2 <<>> @
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<

In this output you should see in the ANSWER SECTION the correct association between your DNS name and IP and in the AUTHORITY SECTION the correct association between your NS and the configured IP.

Popular Posts:

Flattr this!

  4 Responses to “How to install NSD Instead of BIND as name server on Linux to save Memory”

  1. Hey, never heard of it but after reading this I’m looking forward to trying it out and see if it will replace the use of BIND here.

    As always, awesome articles at LinuxAria.

    take care,

    – d

    • Thanks Daniel,
      This program is new to me too, but it’s really easy to setup it if you are used to bind and usually you can save something around 30MB that on small VPS is a lot 😉

  2. I just heard too and immediately replaced with the bind on my vps. It uses less memory and never down. Thank you for this great article bro.

  3. For Ubuntu and Debian the package is not ns3. It is nsd3. Therefore the command to install is:

    sudo apt-get install nsd3

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>