A name server is a server that hosts a network service answering queries against a directory service. It maps a human-recognizable identifier to a system-internal identification or addressing component. BIND is the most famous name server available on Linux; it can be used to do everything you need from a name server, but sometimes you need less.
Maybe you have a VPS and just want to manage your own DNS names. For this use you could check NSD, a great alternative to BIND: it does not do DNS forwarding, it only serves its own domains, but this could be enough for your project.
NSD uses BIND-style zone-files; zone-files used under BIND (named) can usually be supplied unmodified in NSD once declared in the nsd.conf configuration. NSD manages zone information compiled via ‘zonec’ into a binary database file (nsd.db), which allows lightning fast start up of the NSD name-service daemon, structural syntax verification and flagging of errors at database compile-time, all before the data is made available to the NSD service itself.
Let’s see how to install and configure it.
Installation
NSD package is available in the repository of the main distributions, so you can use your package manager to install it with just 1 command such as:
Red Hat Enterprise and Centos
yum install nsd
Debian and Ubuntu
sudo apt-get install nsd3
Gentoo
emerge nsd
NSD configuration (nsd.conf)
The main configuration file of NSD is nsd.conf, which is located in a different path depending on your distribution:
Debian – Ubuntu : /etc/nsd3/nsd.conf
Centos – Red Hat Enterprise : /etc/nsd/nsd.conf
The following is a master configuration taken from a Centos system, serving the domain linuxaria.org on the IP address 66.228.45.214:
#
# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.
#
# This is a configuration file commented out, you just need to change the IP and the zone file to customize it.

# options for the nsd server
server:
    # uncomment to specify specific interfaces to bind (default wildcard interface).
    # ip-address: localhost
    ip-address: 66.228.45.214

    # don't answer VERSION.BIND and VERSION.SERVER CHAOS class queries
    # Keep yes for security reasons.
    hide-version: yes

    # enable debug mode, does not fork daemon process into the background.
    # debug-mode: no

    # listen only on IPv4 connections, set yes to save some memory
    ip4-only: yes

    # listen only on IPv6 connections
    # ip6-only: no

    # the database to use, this is the standard path.
    # database: "/var/lib/nsd/nsd.db"

    # identify the server (CH TXT ID.SERVER entry).
    identity: ""

    # NSID identity (hex string). default disabled.
    # nsid: "aabbccdd"

    # log messages to file. Default to stderr and syslog (with facility LOG_DAEMON).
    # logfile: "/var/log/nsd.log"

    # Number of NSD servers to fork, keep 1 for low memory VPS
    server-count: 1

    # Maximum number of concurrent TCP connections per server.
    # This option should have a value below 1000, 10 is good for a low memory VPS
    tcp-count: 10

    # Maximum number of queries served on a single TCP connection.
    # By default 0, which means no maximum.
    # tcp-query-count: 0

    # Override the default (120 seconds) TCP timeout.
    # tcp-timeout: 120

    # Preferred EDNS buffer size for IPv4.
    # ipv4-edns-size: 4096

    # Preferred EDNS buffer size for IPv6.
    # ipv6-edns-size: 4096

    # File to store pid for nsd in.
    # pidfile: "/var/run/nsd/nsd.pid"

    # port to answer queries on. default is 53.
    # port: 53

    # statistics are produced every number of seconds.
    # statistics: 3600

    # if per zone statistics is enabled, file to store statistics.
    # zone-stats-file: "/var/log/nsd.stats"

    # The directory for zonefile: files.
    zonesdir: "/etc/nsd/zones"

# This is the definition of the first zone, you must have 1 for every domain.
zone:
    name: linuxaria.org
    # file in the zonesdir that contains the domain information.
    zonefile: linuxaria.org.conf
Now we have to set up the zone files that we have defined in the nsd.conf configuration file.
NSD Zone file
A zone file can be as simple as this one, which just defines the SOA, the NS, the MX and some addresses for the domain:
;## NSD authoritative only DNS

$ORIGIN linuxaria.org.    ; default zone domain
$TTL 86400                ; default time to live

@ IN SOA ns1 [email protected] (
        2012082703  ; serial number
        28800       ; Refresh
        14400       ; Retry
        864000      ; Expire
        86400       ; Min TTL
        )

        NS      ns1.linuxaria.org.
        NS      ns2.linuxaria.org.
        MX      10 mail.linuxaria.org.

mail    IN      A       66.228.45.214
www     IN      A       66.228.45.214
ns1     IN      A       66.228.45.214
ns2     IN      A       66.228.45.214
*       IN      A       66.228.45.214
@       IN      A       66.228.45.214

;## NSD authoritative only DNS
For NSD it is a requisite to set your “NS” name server hostname (ns1.linuxaria.org to 66.228.45.214 in this example) to the same IP address NSD is listening on, the one we have set in the nsd.conf file. This is important because a resolving DNS server, like BIND, will ask NSD what the current authoritative name server IP address is. NSD will say that the name server for “linuxaria.org” is “ns1.linuxaria.org” and that its IP is 66.228.45.214, so 66.228.45.214 is the address that BIND will use to connect.
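This requirement can be checked before the database is rebuilt. The following is an added example, not code from the original article or from the NSD project: a small Python lint that reads the active ip-address lines from nsd.conf text and reports every NS target in the zone that lacks its own A record on one of those addresses. The function names, the simplified zone parser and the sample data (the `hostmaster` contact and the two deliberately broken NS lines) are assumptions, and the `*` catch-all is not counted as an address record.

```python
import re
# Constructed sample inputs modelled on the page's files; two NS targets are wrong.
CONF = "server:\n    # ip-address: localhost\n    ip-address: 66.228.45.214\n"
ZONE = """$ORIGIN linuxaria.org.
$TTL 86400
@   IN SOA ns1 hostmaster ( 2012082703 28800
        14400 864000 86400 )
    NS  ns1.linuxaria.org.
    NS  ns2.inuxaria.org.   ; misspelled: falls outside the zone
    NS  ns3                 ; no A record below
ns1 IN A 66.228.45.214
"""

def fqdn(name, origin):  # '@', a relative name or an absolute name -> absolute name
    name = origin if name == "@" else name
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text):
    """Return (origin, [(owner, type, rdata_tokens), ...]) for a simple zone file."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    # Fold a parenthesised multi-line record (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    origin, owner, records = ".", None, []
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] == "$ORIGIN":
            origin = tok[1].lower()
        if not tok or tok[0].startswith("$"):
            continue
        if not line[0].isspace():  # text in column 1 names a new owner
            owner = fqdn(tok.pop(0), origin)
        while tok[0].isdigit() or tok[0].upper() == "IN":  # optional TTL, class
            tok.pop(0)
        records.append((owner, tok[0].upper(), tok[1:]))
    return origin, records

def check_ns(zone_text, conf_text):
    """Return problems with the zone's NS targets versus NSD's listen addresses."""
    origin, records = parse_zone(zone_text)
    listen = set(re.findall(r"^\s*ip-address:\s*(\S+)", conf_text, re.M))
    a_pairs = {(o, r[0]) for o, t, r in records if t == "A"}
    problems = []
    for target in [fqdn(r[0], origin) for _, t, r in records if t == "NS"]:
        if not target.endswith("." + origin):
            problems.append(f"{target} is outside the zone")
        elif not any((target, ip) in a_pairs for ip in listen):
            problems.append(f"{target} has no A record on a listen address")
    return problems

print(check_ns(ZONE, CONF))
```

An empty list means every NS target resolves, inside the zone, to an address NSD is configured to listen on.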
Note also the special syntax:
* IN A 66.228.45.214
that is a catch-all for every name in the domain .linuxaria.org.
Rebuild and restart
Now that we have defined everything, we must compile the NSD database from the zone files and start the daemon. To do this, run these 2 commands:
sudo nsdc rebuild
In this phase you’ll receive a message if there are errors in the zone file; if everything is correct you can restart the daemon with:
Debian or Ubuntu server restart
/etc/init.d/nsd3 restart
Red Hat and Centos server restart
/etc/init.d/nsd restart
Testing NSD
The easiest way to test your NSD configuration is to run dig from the server, querying NSD for the domain you just defined. In our example:
dig @66.228.45.214 linuxaria.org
You should see something similar to this output:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.2 <<>> @66.228.45.214 linuxaria.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<
In this output you should see in the ANSWER SECTION the correct association between your DNS name and IP and in the AUTHORITY SECTION the correct association between your NS and the configured IP.
Hey, never heard of it but after reading this I’m looking forward to trying it out and see if it will replace the use of BIND here.
As always, awesome articles at LinuxAria.
take care,
– d
Thanks Daniel,
This program is new to me too, but it’s really easy to set it up if you are used to bind, and usually you can save something around 30MB, which on a small VPS is a lot 😉
I just heard of it too and immediately replaced the bind on my vps with it. It uses less memory and is never down. Thank you for this great article bro.
For Ubuntu and Debian the package is not ns3. It is nsd3. Therefore the command to install is:
sudo apt-get install nsd3