Nsd.Masterslave 5.0 KB

  1. version=pmwiki-2.2.130 ordered=1 urlencoded=1
  2. agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
  3. author=jrmu
  4. charset=UTF-8
  5. csum=
  6. ctime=1612258964
  7. host=198.251.81.119
  8. name=Nsd.Masterslave
  9. rev=1
  10. targets=Openbsd.FQDN,Openbsd.Base64
  11. text=%0a!! Master/Slave Servers%0a%0a[@%0a## slave zone example%0a#zone:%0a# name: "example.net"%0a# zonefile: "slave/example.net"%0a# allow-notify: 192.0.2.2 tsig1.example.com.%0a# request-xfr: 192.0.2.2 tsig1.example.com.%0a@]%0a%0a[@%0a## tsig key example%0akey:%0a name: "example.ircnow.org"%0a algorithm: hmac-sha256%0a secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a@]%0a%0aIt's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a%0a%0a!! Primary and secondary server%0a%0aIf you need a secondary server to host the zone, you can do this as follows. Add to the block that describes your master zone, records about the secondary zone as in the example:%0a%0a[@%0azone:%0a name: "example.net"%0a zonefile: "master/example.net"%0a notify: 20.20.20.20 NOKEY%0a provide-xfr: 20.20.20.20 NOKEY%0a@]%0a%0aCreate a new block in the secondary server config file, as in the example:%0a%0a[@%0azone:%0a name: "example.net"%0a zonefile: "slave/example.net"%0a allow-notify: 10.10.10.10 NOKEY%0a request-xfr: 10.10.10.10 NOKEY%0a@]%0a%0a!! The zone file for NSD%0a%0aThe next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a%0a[@%0a; Domain file from My project%0a%0aexample.net. 3600 SOA ns.example.net. admin.example.net. (%0a 2020070701 ; serial YYYYMMDDnn%0a 10800 ; refresh%0a 3600 ; retry%0a 604800 ; expire%0a 86400 ) ; minimum TTL%0a%0aexample.net. NS ns.example.net.%0aexample.net. NS ns.secondary.net.%0ans A 10.10.10.10%0aexample.net. A 10.10.10.10%0awww A 10.10.10.10%0airc A 10.10.10.10%0aimap A 10.10.10.10%0asmtp A 10.10.10.10%0aexample.net. mx 10 smtp.example.net.%0a@]%0a%0aSave this zone file as /var/nsd/zones/master/example.net%0a
  12. time=1612258964
  13. author:1612258964=jrmu
  14. diff:1612258964:1612258964:=1,71d0%0a%3c %0a%3c !! Master/Slave Servers%0a%3c %0a%3c [@%0a%3c ## slave zone example%0a%3c #zone:%0a%3c # name: "example.net"%0a%3c # zonefile: "slave/example.net"%0a%3c # allow-notify: 192.0.2.2 tsig1.example.com.%0a%3c # request-xfr: 192.0.2.2 tsig1.example.com.%0a%3c @]%0a%3c %0a%3c [@%0a%3c ## tsig key example%0a%3c key:%0a%3c name: "example.ircnow.org"%0a%3c algorithm: hmac-sha256%0a%3c secret: "bXBjY3B3alVhaDJrYTBSRENtc01RUmNlYmlj"%0a%3c @]%0a%3c %0a%3c It's a good idea to name the key after your domain, with a final period at the end to show that it is a [[openbsd/FQDN|fully qualified domain name]]. For the secret, you must put in the [[openbsd/base64|base64 encoding]] of a random string. Make it longer for more security.%0a%3c %0a%3c %0a%3c !! Primary and secondary server%0a%3c %0a%3c If you need a secondary server to host the zone, you can do this as follows. Add to the block that describes your master zone, records about the secondary zone as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "master/example.net"%0a%3c notify: 20.20.20.20 NOKEY%0a%3c provide-xfr: 20.20.20.20 NOKEY%0a%3c @]%0a%3c %0a%3c Create a new block in the secondary server config file, as in the example:%0a%3c %0a%3c [@%0a%3c zone:%0a%3c name: "example.net"%0a%3c zonefile: "slave/example.net"%0a%3c allow-notify: 10.10.10.10 NOKEY%0a%3c request-xfr: 10.10.10.10 NOKEY%0a%3c @]%0a%3c %0a%3c !! The zone file for NSD%0a%3c %0a%3c The next step is to write the zone files for NSD. First the forward lookup zone example.net:%0a%3c %0a%3c [@%0a%3c ; Domain file from My project%0a%3c %0a%3c example.net. 3600 SOA ns.example.net. admin.example.net. (%0a%3c 2020070701 ; serial YYYYMMDDnn%0a%3c 10800 ; refresh%0a%3c 3600 ; retry%0a%3c 604800 ; expire%0a%3c 86400 ) ; minimum TTL%0a%3c %0a%3c example.net. NS ns.example.net.%0a%3c example.net. NS ns.secondary.net.%0a%3c ns A 10.10.10.10%0a%3c example.net. 
A 10.10.10.10%0a%3c www A 10.10.10.10%0a%3c irc A 10.10.10.10%0a%3c imap A 10.10.10.10%0a%3c smtp A 10.10.10.10%0a%3c example.net. mx 10 smtp.example.net.%0a%3c @]%0a%3c %0a%3c Save this zone file as /var/nsd/zones/master/example.net%0a
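Review bot: in the "Primary and secondary server" blocks, all four ACL lines (notify, provide-xfr, allow-notify, request-xfr) use NOKEY, so notifies and zone transfers between 10.10.10.10 and 20.20.20.20 are authorized by source address alone, even though the page defines a tsig key block just above and the commented slave example already shows the keyed form. Suggest defining the same key: block on both servers and replacing NOKEY with the key name, e.g. `provide-xfr: 20.20.20.20 example.ircnow.org.` on the primary and `request-xfr: 10.10.10.10 example.ircnow.org.` on the secondary. Two smaller points: the key example uses name: "example.ircnow.org" without the final period that the following paragraph recommends, and the secret shown should be marked as a placeholder to be replaced, so readers do not copy it into a live configuration.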
  15. host:1612258964=198.251.81.119